Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

C:windows/syswow64/dllhost.exe blocked websites [Solved]

syswow64 dllhost.exe *32 com surrogate

  • This topic is locked This topic is locked

#1
malonej89

malonej89

    Member

  • Member
  • PipPip
  • 12 posts

My malwarebytes has recently kept blocking websites from my c:/windows/syswow64/dllhost.exe and the popups seem to happen constantly.  I look at my processes in my task manager and there are a lot of dllhost.exe *32 - com surrogate processes running.  I'm positive I have some kind of infection on my laptop at this point.  I have a HP g60, 64-bit, running windows 7.  Assistance to clean up this matter would be greatly appreciated.  Thanks for the help


  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi username

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....


Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
malonej89

malonej89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hey thanks for getting back to me I really appreciate the help with this.

 

Here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by John (administrator) on JOHN-PC on 03-11-2014 19:04:28
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxdbcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-562402938-736828387-837565867-1000\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-05-14] ()
HKU\S-1-5-21-562402938-736828387-837565867-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-562402938-736828387-837565867-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-562402938-736828387-837565867-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...&q={searchTerms}
SearchScopes: HKCU - {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sa.rockfin.c...SetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8B9D6E50-F3EF-4FFD-8073-301D07DBACAA}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{F164E3CD-773E-4A8D-B0A1-AE794A7D7C92}: [NameServer] 208.69.150.250,208.69.150.252

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-10]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-10-15&gen=cnet&ent=hp&u=469A5A81C468764B0676A8543DFA47AD
CHR StartupUrls: Default -> "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-10-15&gen=cnet&ent=hp&u=469A5A81C468764B0676A8543DFA47AD", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> securesearch
CHR DefaultSearchURL: Default -> http://securedsearch...&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-06]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-06]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-06]
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\John\AppData\Local\Giant Savings\Chrome\Giant Savings.crx []
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3063576 2010-07-14] (Bradford Networks)
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 lxdb_device; C:\Windows\system32\lxdbcoms.exe [566192 2007-02-02] ( )
R2 lxdb_device; C:\Windows\SysWOW64\lxdbcoms.exe [537520 2007-02-02] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Sendoriv1; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-07-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-07-10] (BitDefender LLC)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [26624 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U0 sr; No ImagePath
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 19:04 - 2014-11-03 19:05 - 00017464 _____ () C:\Users\John\Desktop\FRST.txt
2014-11-03 19:03 - 2014-11-03 19:04 - 00000000 ____D () C:\FRST
2014-11-03 18:58 - 2014-11-03 18:58 - 02114560 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-10-25 10:17 - 2014-10-25 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-25 10:15 - 2014-10-25 10:15 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-25 10:06 - 2014-10-26 02:32 - 00014962 _____ () C:\Windows\CUAppUsage.Dat
2014-10-25 03:51 - 2014-10-25 03:51 - 00000000 ____D () C:\Users\John\AppData\Local\SFPC_Auto_Updater
2014-10-25 03:32 - 2011-09-05 10:14 - 00205512 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\cumon.sys
2014-10-25 03:29 - 2014-10-25 03:29 - 629145600 ____H () C:\fileimage.dat
2014-10-25 03:28 - 2011-09-05 10:14 - 00019568 _____ () C:\Windows\system32\Drivers\evdd.sys
2014-10-25 03:21 - 2014-10-25 03:21 - 00001001 _____ () C:\Users\Public\Desktop\COMODO Programs Manager.lnk
2014-10-25 03:21 - 2014-10-25 03:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-10-25 03:21 - 2014-10-25 03:21 - 00000000 ____D () C:\Program Files\COMODO
2014-10-25 03:20 - 2014-10-25 03:20 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-10-25 03:10 - 2014-10-25 03:10 - 00000000 ____D () C:\Users\John\AppData\Local\IsolatedStorage
2014-10-25 03:09 - 2014-10-25 03:09 - 00003558 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
2014-10-25 03:08 - 2014-10-25 03:08 - 00003992 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-10-25 03:08 - 2014-10-25 03:08 - 00000000 ____D () C:\Users\John\AppData\Local\Developerts_LLC
2014-10-25 03:07 - 2014-10-25 03:34 - 00000000 ____D () C:\Users\John\AppData\Roaming\Developerts LLC USA
2014-10-15 16:53 - 2014-10-15 16:53 - 00000000 ____D () C:\Users\John\AppData\Roaming\Lavasoft
2014-10-15 04:17 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 04:17 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 04:17 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 04:17 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 04:17 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 04:17 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 04:17 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 04:17 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 04:17 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 04:17 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 04:17 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 04:17 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 04:16 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 04:16 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 04:16 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 04:16 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 04:16 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 04:16 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 04:16 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 04:16 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 04:16 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 04:16 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 04:16 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 04:16 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 04:16 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 04:16 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 04:16 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 04:16 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 04:16 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 04:16 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 04:16 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 04:16 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 04:16 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 04:16 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 04:16 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 04:16 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 04:16 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 04:16 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 04:16 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 04:16 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 04:15 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 04:15 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 04:15 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 04:15 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 04:15 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 04:15 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 04:15 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 04:15 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 04:15 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 04:15 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 04:15 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 04:15 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 04:15 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 04:15 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 04:15 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 04:15 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 04:15 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 04:15 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 04:15 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 04:15 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 04:15 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 04:15 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 04:15 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 04:15 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 04:15 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 04:15 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 04:15 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 04:15 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 04:15 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 04:15 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 04:15 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 04:15 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 04:15 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 04:15 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 04:15 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 04:15 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 04:15 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 04:15 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 04:15 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 04:15 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 04:15 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 04:15 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 04:15 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 04:15 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 04:15 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 04:15 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 04:15 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 04:15 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 04:15 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 04:15 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 04:15 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 04:15 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 04:15 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 04:15 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 04:15 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 04:15 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 04:15 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 04:15 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 04:15 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 04:15 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 04:14 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 04:14 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 04:14 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 04:14 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 04:14 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 04:14 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 04:14 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 04:14 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 04:14 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 04:14 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 04:13 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 04:13 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 23:52 - 2014-10-14 23:52 - 00000000 ____D () C:\ProgramData\BitDefender
2014-10-14 23:43 - 2014-10-14 23:43 - 00000000 ____D () C:\Users\John\AppData\Roaming\LavasoftStatistics
2014-10-14 23:43 - 2014-07-10 13:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2014-10-14 23:42 - 2014-11-02 09:09 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-10-14 23:42 - 2014-10-14 23:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-14 23:40 - 2014-10-14 23:40 - 00000000 ____D () C:\Program Files\Lavasoft
2014-10-14 23:39 - 2014-10-14 23:39 - 00000000 ____D () C:\Users\John\AppData\Roaming\SecureSearch
2014-10-14 23:38 - 2014-10-15 17:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-10-14 23:34 - 2014-10-14 23:34 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-10-12 22:41 - 2014-11-03 18:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 22:31 - 2014-10-25 03:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 22:31 - 2014-10-25 00:29 - 00001058 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-12 22:31 - 2014-10-12 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-12 22:31 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 22:31 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 22:22 - 2014-11-02 18:29 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2014-10-12 22:22 - 2014-11-02 18:29 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
2014-10-04 13:32 - 2014-10-04 14:15 - 00000000 ____D () C:\Users\John\Desktop\CITY AND COLOUR - DISCOGRAPHY (2004-13) [CHANNEL NEO]

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 19:01 - 2009-07-14 00:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 18:59 - 2013-05-25 20:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 18:40 - 2011-04-17 23:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 18:31 - 2009-11-14 13:33 - 01835433 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 22:34 - 2011-04-17 23:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 18:25 - 2010-01-10 14:50 - 00000000 ____D () C:\Users\John\AppData\Roaming\HP Support Assistant
2014-11-02 18:25 - 2009-12-18 21:03 - 00000000 ____D () C:\Users\John\AppData\Roaming\HpUpdate
2014-11-02 09:15 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 09:15 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 09:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 09:06 - 2009-07-13 23:51 - 00213374 _____ () C:\Windows\setupact.log
2014-11-01 23:33 - 2010-01-11 21:58 - 00000021 _____ () C:\ProgramData\hpqp.txt
2014-10-28 05:34 - 2010-07-07 16:55 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 23:36 - 2012-08-12 13:54 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-10-27 18:54 - 2010-01-04 22:01 - 01033116 _____ () C:\Windows\PFRO.log
2014-10-26 02:33 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-25 13:20 - 2009-12-18 21:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-25 13:19 - 2009-12-18 21:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-25 12:40 - 2009-08-17 15:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-25 12:33 - 2009-11-14 13:56 - 00000290 _____ () C:\ProgramData\hpqp.ini
2014-10-25 12:33 - 2009-08-17 14:52 - 00000000 ____D () C:\ProgramData\Temp
2014-10-25 12:29 - 2009-12-18 20:50 - 00000000 ____D () C:\Users\John
2014-10-25 12:27 - 2013-12-29 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-25 12:27 - 2010-03-07 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-10-25 12:27 - 2010-03-07 17:14 - 00000000 ____D () C:\ProgramData\AOL
2014-10-25 12:26 - 2011-03-23 11:47 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.6
2014-10-25 12:26 - 2010-03-07 17:14 - 00000000 ____D () C:\Program Files (x86)\AOL 9.5
2014-10-25 12:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-25 12:24 - 2009-12-18 21:54 - 00000000 ____D () C:\Users\John\AppData\Local\AOL
2014-10-25 12:23 - 2010-09-16 16:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-25 11:32 - 2010-03-07 17:16 - 00000000 ____D () C:\Users\John\AppData\Roaming\AOL
2014-10-25 10:34 - 2010-01-13 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-25 10:26 - 2009-08-17 13:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-25 10:25 - 2009-08-17 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-25 10:25 - 2009-08-17 15:15 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-10-25 02:58 - 2011-05-08 15:10 - 00000000 ____D () C:\Program Files (x86)\Your Uninstaller 2008
2014-10-25 02:55 - 2011-07-06 23:04 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-21 18:35 - 2011-04-17 23:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 18:35 - 2011-04-17 23:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 16:05 - 2013-12-29 23:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-16 05:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:48 - 2009-07-13 23:45 - 00442528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:42 - 2014-05-11 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 21:28 - 2012-12-16 19:16 - 00000000 ____D () C:\Windows\Minidump
2014-10-13 21:56 - 2014-03-12 12:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\Spotify
2014-10-13 21:54 - 2014-03-12 12:12 - 00000000 ____D () C:\Users\John\AppData\Local\Spotify
2014-10-12 22:31 - 2010-06-09 16:08 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-10-12 22:31 - 2010-06-09 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-12 22:23 - 2011-03-23 00:21 - 00000000 ____D () C:\Users\John\Documents\Youcam

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\cf2e053d-b648-4703-9130-daec179889a5.exe
C:\Users\John\AppData\Local\Temp\feedback.dll
C:\Users\John\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\John\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\uninst.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 01:17

==================== End Of Log ============================

 

Here is the Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by John at 2014-11-03 19:05:44
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
3 Days - Zoo Mystery (x32 Version: 2.2.0.95 - WildTangent) Hidden
ACL Desktop Education Edition (HKLM-x32\...\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}) (Version: 9.0.0.243 - ACL Software)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 1.5.1.0 - )
Bigfoot: Chasing Shadows (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Book of Legends (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brunhilda and the Dark Crystal (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
COMODO Programs Manager (HKLM\...\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}) (Version: 1.3_build_30 - COMODO)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
Cruise Clues: Caribbean Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deep Blue Sea 2: The Amulet of Light (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Dream Chronicles - The Book of Air Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dream Chronicles: The Book of Water Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
E.P.I.C.: Wishmaster Adventures (x32 Version: 3.0.2.32 - WildTangent) Hidden
Escape From Paradise (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape the Lost Kingdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Exorcist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fallen Shadows (x32 Version: 2.2.0.98 - WildTangent) Hidden
Family Feud 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Family Feud Hollywood Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Forgotten Places - Lost Circus (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hide and Secret (x32 Version: 2.2.0.95 - WildTangent) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
House of 1000 Doors: The Palm of Zoroaster (x32 Version: 2.2.0.110 - WildTangent) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Immortal Lovers (x32 Version: 2.2.0.95 - WildTangent) Hidden
Infected: The Twin Vaccine Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Insider Tales - The Secret of Casanova (x32 Version: 2.2.0.95 - WildTangent) Hidden
Insider Tales - The Stolen Venus (x32 Version: 2.2.0.95 - WildTangent) Hidden
Insider Tales - Vanished in Rome (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jack the Ripper - Letters from [bleep] (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Mysteries 2 Trail of the Midnight Heart (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.0.0.17289 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.4.9429 - Juniper Networks)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.0.0.17289 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
King Arthur (x32 Version: 2.2.0.97 - WildTangent) Hidden
Lexmark 840 Series (HKLM\...\Lexmark 840 Series) (Version:  - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Little Shop of Treasures 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Love and Death - Bitten (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 Trial (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 Trial (HKLM-x32\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Data Mining Add-Ins for Office 2007 (HKLM-x32\...\{508DC644-7B1B-47E1-BE60-F3F68CDF6871}) (Version: 9.00.3154.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Murder Island: Secret of Tantalus (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mushroom Age (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mystery Masterpiece - The Moonstone (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Nightfall Mysteries: Curse of the Opera (x32 Version: 2.2.0.95 - WildTangent) Hidden
NightShift Legacy - The Jaguar's Eye (x32 Version: 2.2.0.95 - WildTangent) Hidden
Oddly Enough: Pied Piper (x32 Version: 2.2.0.98 - WildTangent) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Paige Harper and the Tome of Mystery (x32 Version: 2.2.0.95 - WildTangent) Hidden
Phantasmat (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pocahontas - Princess of the Powhatan (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Real Crimes - Jack the Ripper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Robin's Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Secrets of the Dragon Wheel (x32 Version: 2.2.0.95 - WildTangent) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snark Busters - Welcome to the Club (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
The Clockwork Man - The Hidden World (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Conjurer (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Dream Voyagers (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Inquisitor (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Magician's Handbook 2: BlackLore (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Magician's Handbook: Cursed Valley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Time Riddles: The Mansion (x32 Version: 2.2.0.95 - WildTangent) Hidden
Trivia Gems (x32 Version: 2.2.0.95 - WildTangent) Hidden
Twisted Lands: Origin (x32 Version: 3.0.2.32 - WildTangent) Hidden
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version:  - )
Unsolved Mystery Club®: Ancient Astronauts® Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vampire Saga - Pandora's Box (x32 Version: 2.2.0.95 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
White Haven Mysteries Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.6.14 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Youda Legend: The Golden Bird of Paradise (x32 Version: 3.0.2.32 - WildTangent) Hidden
Youda Mystery: The Stanwick Legacy (x32 Version: 2.2.0.110 - WildTangent) Hidden
Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-562402938-736828387-837565867-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-562402938-736828387-837565867-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points  =========================

25-10-2014 07:53:46 Before uninstall PowerDirector
25-10-2014 08:07:32 PerforMax Cleaner
25-10-2014 08:12:50 Before uninstalling PerforMax Cleaner
25-10-2014 08:13:36 PerforMax Cleaner
25-10-2014 08:38:16 PerforMax Cleaner
25-10-2014 08:41:41 PerforMax Cleaner
25-10-2014 08:45:26 Configured PowerDirector
25-10-2014 15:12:21 AA11
25-10-2014 15:18:31 Removed Java™ 6 Update 14 (64-bit)
25-10-2014 15:23:18 Configured LabelPrint
25-10-2014 15:28:41 Removed Microsoft Office Professional 2007 Trial
25-10-2014 15:35:23 Removed muvee Reveal
25-10-2014 15:39:09 Removed Java 7 Update 71
25-10-2014 15:43:07 Removed Microsoft Office Visio Professional 2007 Trial
25-10-2014 15:49:45 Removed Microsoft Office Professional 2007 Trial
25-10-2014 17:15:54 Restore Operation
25-10-2014 17:36:08 Removed Java 7 Update 71
26-10-2014 23:00:15 Windows Backup
29-10-2014 01:14:43 Windows Update
03-11-2014 03:36:44 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0141198C-504B-47D8-8E1A-C111E4A9109F} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\John\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] () <==== ATTENTION
Task: {2895ECBB-0ADA-4D8B-A5B0-9F200540FDD8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {38BF8483-7C49-44F9-867E-229B754FF7B6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-562402938-736828387-837565867-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {42052DF6-7EFA-41A7-A0C0-05BED4C97D30} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {43F1CC10-1BC3-4FE7-BD2F-1EB3F4889FE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {488B2215-51E2-4F2A-8E77-C72573B82EC4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {85BF21E7-0D37-4ABC-BBD3-67CB2FCA7A56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {9365861C-98A9-4B18-A855-1426B9C92239} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {A8C63555-87B7-45F5-855E-AA6604B1ADC3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A8C761A3-5EEA-43E1-BD4E-92B0D8B9FDEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1B7742B-A99C-4F3B-8440-BB22557FEA6D} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {E0994B93-0010-4777-8EA4-0D823483AB33} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-562402938-736828387-837565867-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FADED668-7290-49D4-B1A4-2F248EE0C504} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe <==== ATTENTION
Task: {FFC9590D-01C7-4BEB-96C2-42FC4AB98B8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-10-15 13:03 - 2014-10-15 13:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2011-07-06 23:04 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-09-05 10:11 - 2011-09-05 10:11 - 00116032 _____ () C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-07-10 13:09 - 2014-10-15 00:45 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
2014-07-10 13:09 - 2014-10-15 00:45 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
2014-07-10 13:09 - 2014-10-15 00:45 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
2014-07-10 13:09 - 2014-10-15 00:45 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
AlternateDataStreams: C:\ProgramData\Temp:2520CFF2
AlternateDataStreams: C:\ProgramData\Temp:B3D74A13
AlternateDataStreams: C:\ProgramData\Temp:FED25C29

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-562402938-736828387-837565867-500 - Administrator - Disabled)
Guest (S-1-5-21-562402938-736828387-837565867-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-562402938-736828387-837565867-1002 - Limited - Enabled)
John (S-1-5-21-562402938-736828387-837565867-1000 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 07:01:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/03/2014 07:01:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/03/2014 06:06:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66640725

Error: (11/03/2014 06:06:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66640725

Error: (11/03/2014 06:06:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/03/2014 06:06:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66639727

Error: (11/03/2014 06:06:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66639727

Error: (11/03/2014 06:06:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/03/2014 06:06:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66638713

Error: (11/03/2014 06:06:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66638713

System errors:
=============
Error: (11/03/2014 06:59:39 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/03/2014 06:59:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/02/2014 09:06:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sendoriv1 service failed to start due to the following error:
%%2

Error: (11/02/2014 09:06:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BBUpdate service failed to start due to the following error:
%%1053

Error: (11/02/2014 09:06:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.

Error: (11/02/2014 09:06:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:42:29 AM on ‎11/‎2/‎2014 was unexpected.

Error: (10/31/2014 04:11:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (10/31/2014 04:11:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (10/27/2014 11:56:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 06:55:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sendoriv1 service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (05/10/2014 04:30:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 504230 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (05/18/2013 02:15:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 292367 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (03/02/2013 01:21:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 871787 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (02/26/2011 06:41:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/10/2010 07:19:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 229 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (11/10/2010 07:15:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 942 seconds with 780 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 63%
Total physical RAM: 3003.19 MB
Available physical RAM: 1110.18 MB
Total Pagefile: 6004.56 MB
Available Pagefile: 3566.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.98 GB) (Free:166.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:1.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 135C058F)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Malonej89,

I have examined your logs and your have Poweliks (you knew this) along with Zero Access and some other malware. Let's get busy before this gets worse...

First, the warning about Zero Access ....

You have a backdoor infection!

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately and use this system online as little as possible. If you do any banking or other financial transactions on this PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan(s) has(have) been identified and can be killed(removed), because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That said, I can still help you clean out the malware as best as I can without going that route, so I have included the steps to remove what the logs show. If you decide that you do want to do a format and reinstall of Windows, please let me know that in your next post.


Second, Please uninstall a program ....

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Viewpoint Media Player

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.



Third, a FRST Fix script run ....

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-562402938-736828387-837565867-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2\n. ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2\n.
C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2
HKU\S-1-5-21-562402938-736828387-837565867-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\John\AppData\Local\Giant Savings\Chrome\Giant Savings.crx []
C:\Users\John\AppData\Local\Giant Savings
S2 Sendoriv1; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U0 sr; No ImagePath
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2014-10-25 03:51 - 2014-10-25 03:51 - 00000000 ____D () C:\Users\John\AppData\Local\SFPC_Auto_Updater
2014-10-25 03:10 - 2014-10-25 03:10 - 00000000 ____D () C:\Users\John\AppData\Local\IsolatedStorage
2014-10-25 03:09 - 2014-10-25 03:09 - 00003558 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
2014-10-25 03:08 - 2014-10-25 03:08 - 00003992 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-10-25 03:08 - 2014-10-25 03:08 - 00000000 ____D () C:\Users\John\AppData\Local\Developerts_LLC
2014-10-25 03:07 - 2014-10-25 03:34 - 00000000 ____D () C:\Users\John\AppData\Roaming\Developerts LLC USA
C:\Users\John\AppData\Local\Temp\cf2e053d-b648-4703-9130-daec179889a5.exe
C:\Users\John\AppData\Local\Temp\feedback.dll
C:\Users\John\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\John\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\uninst.dll
CustomCLSID: HKU\S-1-5-21-562402938-736828387-837565867-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-562402938-736828387-837565867-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
Task: {0141198C-504B-47D8-8E1A-C111E4A9109F} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\John\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] () <==== ATTENTION
C:\Users\John\AppData\Roaming\Developerts LLC USA
Task: {FADED668-7290-49D4-B1A4-2F248EE0C504} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe <==== ATTENTION
C:\Program Files (x86)\Developerts LLC
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
AlternateDataStreams: C:\ProgramData\Temp:2520CFF2
AlternateDataStreams: C:\ProgramData\Temp:B3D74A13
AlternateDataStreams: C:\ProgramData\Temp:FED25C29
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
EmptyTemp:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait. This script should have FRST close your desktop, remove the malware it can and reboot your system. (I just wanted to let you know what should happen so you would be ready for it and not worry.) If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Fourth, A RogueKiller scan ....
  • Download RogueKiller (by tigzy) on to your desktop
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan. Once finished, click on Report
Please post the contents of the RKreport.txt in your next Reply.


Fifth, a follow up FRST64 scan ....

We need to check that FRST script did it's work properly.

If you still have a Addition.txt log file on your desktop, please delete it now.

Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator".

The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)

Select Additional.txt in the Optional Scans section of FRST64.

Press Scan button.

It will make two logs (FRST.txt and Addition.txt) on your Desktop. Please post the contents of these logs in a reply post here.


Things to reply with next .... (a handy list for you)
  • Did the uninstall happen without errors?
  • The Fixlog.txt log file text from the FRST script run.
  • The RogueKiller report log (RKreport.txt) text.
  • The fresh FRST.txt and Addition.txt log files text.
  • Any questions or concerns you have about your system so far.
  • How is your system running now?

  • 0

#5
malonej89

malonej89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

All in all my system is definitely running faster at this point.  Hopefully this has fixed the issue.  I did some research and read how bad the zeroaccess Trojan can be.  Again your help with this is really appreciated.  The uninstall of viewpoint media player went without error.  Here are the logs.

 

fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by John at 2014-11-05 00:24:32 Run:1
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-562402938-736828387-837565867-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2\n. ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2\n.
C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2
HKU\S-1-5-21-562402938-736828387-837565867-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\John\AppData\Local\Giant Savings\Chrome\Giant Savings.crx []
C:\Users\John\AppData\Local\Giant Savings
S2 Sendoriv1; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U0 sr; No ImagePath
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2014-10-25 03:51 - 2014-10-25 03:51 - 00000000 ____D () C:\Users\John\AppData\Local\SFPC_Auto_Updater
2014-10-25 03:10 - 2014-10-25 03:10 - 00000000 ____D () C:\Users\John\AppData\Local\IsolatedStorage
2014-10-25 03:09 - 2014-10-25 03:09 - 00003558 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
2014-10-25 03:08 - 2014-10-25 03:08 - 00003992 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-10-25 03:08 - 2014-10-25 03:08 - 00000000 ____D () C:\Users\John\AppData\Local\Developerts_LLC
2014-10-25 03:07 - 2014-10-25 03:34 - 00000000 ____D () C:\Users\John\AppData\Roaming\Developerts LLC USA
C:\Users\John\AppData\Local\Temp\cf2e053d-b648-4703-9130-daec179889a5.exe
C:\Users\John\AppData\Local\Temp\feedback.dll
C:\Users\John\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\John\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\uninst.dll
CustomCLSID: HKU\S-1-5-21-562402938-736828387-837565867-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-562402938-736828387-837565867-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
Task: {0141198C-504B-47D8-8E1A-C111E4A9109F} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\John\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] () <==== ATTENTION
C:\Users\John\AppData\Roaming\Developerts LLC USA
Task: {FADED668-7290-49D4-B1A4-2F248EE0C504} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe <==== ATTENTION
C:\Program Files (x86)\Developerts LLC
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
AlternateDataStreams: C:\ProgramData\Temp:2520CFF2
AlternateDataStreams: C:\ProgramData\Temp:B3D74A13
AlternateDataStreams: C:\ProgramData\Temp:FED25C29
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
EmptyTemp:
end

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-562402938-736828387-837565867-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
"C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2\n." => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-562402938-736828387-837565867-1000\$708e671f3545291506c06082039c15b2 => Moved successfully.
"HKU\S-1-5-21-562402938-736828387-837565867-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-562402938-736828387-837565867-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}" => Key deleted successfully.
"HKCR\CLSID\{397CFBAF-01FE-4A0D-950E-041F4905DC38}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}" => Key deleted successfully.
"HKCR\CLSID\{397CFBAF-01FE-4A0D-950E-041F4905DC38}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj" => Key deleted successfully.
"C:\Users\John\AppData\Local\Giant Savings\Chrome\Giant Savings.crx" => File/Directory not found.
"C:\Users\John\AppData\Local\Giant Savings" => File/Directory not found.
Sendoriv1 => Service deleted successfully.
RtsUIR => Service deleted successfully.
sr => Service deleted successfully.
USBCCID => Service deleted successfully.
C:\Users\John\AppData\Local\SFPC_Auto_Updater => Moved successfully.
C:\Users\John\AppData\Local\IsolatedStorage => Moved successfully.
C:\Windows\System32\Tasks\Secure Fast PC Autorun => Moved successfully.
C:\Windows\System32\Tasks\Secure Fast PC Auto Updater => Moved successfully.
C:\Users\John\AppData\Local\Developerts_LLC => Moved successfully.
C:\Users\John\AppData\Roaming\Developerts LLC USA => Moved successfully.
C:\Users\John\AppData\Local\Temp\cf2e053d-b648-4703-9130-daec179889a5.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\feedback.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\uninst.dll => Moved successfully.
"HKU\S-1-5-21-562402938-736828387-837565867-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKU\S-1-5-21-562402938-736828387-837565867-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0141198C-504B-47D8-8E1A-C111E4A9109F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0141198C-504B-47D8-8E1A-C111E4A9109F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Secure Fast PC Auto Updater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Auto Updater" => Key deleted successfully.
"C:\Users\John\AppData\Roaming\Developerts LLC USA" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FADED668-7290-49D4-B1A4-2F248EE0C504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FADED668-7290-49D4-B1A4-2F248EE0C504}" => Key deleted successfully.
C:\Windows\System32\Tasks\Secure Fast PC Autorun not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Autorun" => Key deleted successfully.
"C:\Program Files (x86)\Developerts LLC" => File/Directory not found.
C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully.
C:\ProgramData\Temp => ":2520CFF2" ADS removed successfully.
C:\ProgramData\Temp => ":B3D74A13" ADS removed successfully.
C:\ProgramData\Temp => ":FED25C29" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => Key deleted successfully.
EmptyTemp: => Removed 1.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

RKreport.txt

 

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : John [Administrator]
Mode : Scan -- Date : 11/05/2014  00:43:06

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B9D6E50-F3EF-4FFD-8073-301D07DBACAA} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F164E3CD-773E-4A8D-B0A1-AE794A7D7C92} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8B9D6E50-F3EF-4FFD-8073-301D07DBACAA} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F164E3CD-773E-4A8D-B0A1-AE794A7D7C92} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8B9D6E50-F3EF-4FFD-8073-301D07DBACAA} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F164E3CD-773E-4A8D-B0A1-AE794A7D7C92} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 9 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x2a90450
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x2a904d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x2a904b0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x2a90430
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x2a904f0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x2a90510
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x2a90530
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x2a90470
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x2a90490

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] 2b46a27b2b3e7c92e5a9f46aaa944528
[BSP] 6911f7ab74d4895f89189076d3f0233b : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 292848 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 600162304 | Size: 12196 MB
User = LL1 ... OK
User = LL2 ... OK

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by John (administrator) on JOHN-PC on 05-11-2014 00:45:32
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxdbcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-562402938-736828387-837565867-1000\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-05-14] ()
HKU\S-1-5-21-562402938-736828387-837565867-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sa.rockfin.c...SetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8B9D6E50-F3EF-4FFD-8073-301D07DBACAA}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{F164E3CD-773E-4A8D-B0A1-AE794A7D7C92}: [NameServer] 208.69.150.250,208.69.150.252

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-10]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-10-15&gen=cnet&ent=hp&u=469A5A81C468764B0676A8543DFA47AD
CHR StartupUrls: Default -> "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-10-15&gen=cnet&ent=hp&u=469A5A81C468764B0676A8543DFA47AD", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> securesearch
CHR DefaultSearchURL: Default -> http://securedsearch...&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-06]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-06]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-06]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3063576 2010-07-14] (Bradford Networks)
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 lxdb_device; C:\Windows\system32\lxdbcoms.exe [566192 2007-02-02] ( )
R2 lxdb_device; C:\Windows\SysWOW64\lxdbcoms.exe [537520 2007-02-02] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-07-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-07-10] (BitDefender LLC)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-05] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [26624 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 00:43 - 2014-11-05 00:43 - 00004578 _____ () C:\Users\John\Desktop\RKreport.txt
2014-11-05 00:35 - 2014-11-05 00:35 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-05 00:35 - 2014-11-05 00:35 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-05 00:34 - 2014-11-05 00:34 - 14670424 _____ () C:\Users\John\Desktop\RogueKiller.exe
2014-11-05 00:28 - 2014-11-05 00:28 - 00000148 _____ () C:\lxdb.log
2014-11-03 19:04 - 2014-11-05 00:46 - 00015620 _____ () C:\Users\John\Desktop\FRST.txt
2014-11-03 19:03 - 2014-11-05 00:45 - 00000000 ____D () C:\FRST
2014-11-03 18:58 - 2014-11-03 18:58 - 02114560 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-10-25 10:17 - 2014-10-25 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-25 10:15 - 2014-10-25 10:15 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-25 10:06 - 2014-11-05 00:28 - 00014804 _____ () C:\Windows\CUAppUsage.Dat
2014-10-25 03:32 - 2011-09-05 10:14 - 00205512 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\cumon.sys
2014-10-25 03:29 - 2014-10-25 03:29 - 629145600 ____H () C:\fileimage.dat
2014-10-25 03:28 - 2011-09-05 10:14 - 00019568 _____ () C:\Windows\system32\Drivers\evdd.sys
2014-10-25 03:21 - 2014-10-25 03:21 - 00001001 _____ () C:\Users\Public\Desktop\COMODO Programs Manager.lnk
2014-10-25 03:21 - 2014-10-25 03:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-10-25 03:21 - 2014-10-25 03:21 - 00000000 ____D () C:\Program Files\COMODO
2014-10-25 03:20 - 2014-10-25 03:20 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-10-15 16:53 - 2014-10-15 16:53 - 00000000 ____D () C:\Users\John\AppData\Roaming\Lavasoft
2014-10-15 04:17 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 04:17 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 04:17 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 04:17 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 04:17 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 04:17 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 04:17 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 04:17 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 04:17 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 04:17 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 04:17 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 04:17 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 04:17 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 04:16 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 04:16 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 04:16 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 04:16 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 04:16 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 04:16 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 04:16 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 04:16 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 04:16 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 04:16 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 04:16 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 04:16 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 04:16 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 04:16 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 04:16 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 04:16 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 04:16 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 04:16 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 04:16 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 04:16 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 04:16 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 04:16 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 04:16 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 04:16 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 04:16 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 04:16 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 04:16 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 04:16 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 04:16 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 04:16 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 04:15 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 04:15 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 04:15 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 04:15 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 04:15 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 04:15 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 04:15 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 04:15 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 04:15 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 04:15 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 04:15 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 04:15 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 04:15 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 04:15 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 04:15 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 04:15 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 04:15 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 04:15 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 04:15 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 04:15 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 04:15 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 04:15 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 04:15 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 04:15 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 04:15 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 04:15 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 04:15 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 04:15 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 04:15 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 04:15 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 04:15 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 04:15 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 04:15 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 04:15 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 04:15 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 04:15 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 04:15 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 04:15 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 04:15 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 04:15 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 04:15 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 04:15 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 04:15 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 04:15 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 04:15 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 04:15 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 04:15 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 04:15 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 04:15 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 04:15 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 04:15 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 04:15 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 04:15 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 04:15 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 04:15 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 04:15 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 04:15 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 04:15 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 04:15 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 04:15 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 04:14 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 04:14 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 04:14 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 04:14 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 04:14 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 04:14 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 04:14 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 04:14 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 04:14 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 04:14 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 04:14 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 04:13 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 04:13 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 23:52 - 2014-10-14 23:52 - 00000000 ____D () C:\ProgramData\BitDefender
2014-10-14 23:43 - 2014-10-14 23:43 - 00000000 ____D () C:\Users\John\AppData\Roaming\LavasoftStatistics
2014-10-14 23:43 - 2014-07-10 13:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2014-10-14 23:42 - 2014-11-05 00:31 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-10-14 23:42 - 2014-10-14 23:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-14 23:40 - 2014-10-14 23:40 - 00000000 ____D () C:\Program Files\Lavasoft
2014-10-14 23:39 - 2014-10-14 23:39 - 00000000 ____D () C:\Users\John\AppData\Roaming\SecureSearch
2014-10-14 23:38 - 2014-10-15 17:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-10-14 23:34 - 2014-10-14 23:34 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-10-12 22:41 - 2014-11-05 00:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 22:31 - 2014-10-25 03:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 22:31 - 2014-10-25 00:29 - 00001058 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-12 22:31 - 2014-10-12 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-12 22:31 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 22:31 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 22:22 - 2014-11-04 20:05 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
2014-10-12 22:22 - 2014-11-02 18:29 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 00:40 - 2011-04-17 23:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 00:38 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 00:38 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 00:36 - 2009-07-14 00:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 00:35 - 2009-11-14 13:33 - 01879324 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 00:30 - 2011-04-17 23:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 00:29 - 2010-01-04 22:01 - 01033468 _____ () C:\Windows\PFRO.log
2014-11-05 00:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 00:29 - 2009-07-13 23:51 - 00213486 _____ () C:\Windows\setupact.log
2014-11-05 00:18 - 2012-08-12 13:54 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-11-04 23:59 - 2013-05-25 20:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 18:25 - 2010-01-10 14:50 - 00000000 ____D () C:\Users\John\AppData\Roaming\HP Support Assistant
2014-11-02 18:25 - 2009-12-18 21:03 - 00000000 ____D () C:\Users\John\AppData\Roaming\HpUpdate
2014-11-01 23:33 - 2010-01-11 21:58 - 00000021 _____ () C:\ProgramData\hpqp.txt
2014-10-28 05:34 - 2010-07-07 16:55 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 02:33 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-25 13:20 - 2009-12-18 21:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-25 13:19 - 2009-12-18 21:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-25 12:40 - 2009-08-17 15:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-25 12:33 - 2009-11-14 13:56 - 00000290 _____ () C:\ProgramData\hpqp.ini
2014-10-25 12:33 - 2009-08-17 14:52 - 00000000 ____D () C:\ProgramData\Temp
2014-10-25 12:29 - 2009-12-18 20:50 - 00000000 ____D () C:\Users\John
2014-10-25 12:27 - 2013-12-29 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-25 12:27 - 2010-03-07 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-10-25 12:27 - 2010-03-07 17:14 - 00000000 ____D () C:\ProgramData\AOL
2014-10-25 12:26 - 2011-03-23 11:47 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.6
2014-10-25 12:26 - 2010-03-07 17:14 - 00000000 ____D () C:\Program Files (x86)\AOL 9.5
2014-10-25 12:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-25 12:24 - 2009-12-18 21:54 - 00000000 ____D () C:\Users\John\AppData\Local\AOL
2014-10-25 12:23 - 2010-09-16 16:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-25 11:32 - 2010-03-07 17:16 - 00000000 ____D () C:\Users\John\AppData\Roaming\AOL
2014-10-25 10:34 - 2010-01-13 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-25 10:26 - 2009-08-17 13:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-25 10:25 - 2009-08-17 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-25 10:25 - 2009-08-17 15:15 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-10-25 02:58 - 2011-05-08 15:10 - 00000000 ____D () C:\Program Files (x86)\Your Uninstaller 2008
2014-10-25 02:55 - 2011-07-06 23:04 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-21 18:35 - 2011-04-17 23:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 18:35 - 2011-04-17 23:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 16:05 - 2013-12-29 23:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-16 05:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:48 - 2009-07-13 23:45 - 00442528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:42 - 2014-05-11 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 02:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 21:28 - 2012-12-16 19:16 - 00000000 ____D () C:\Windows\Minidump
2014-10-13 21:56 - 2014-03-12 12:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\Spotify
2014-10-13 21:54 - 2014-03-12 12:12 - 00000000 ____D () C:\Users\John\AppData\Local\Spotify
2014-10-12 22:31 - 2010-06-09 16:08 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-10-12 22:31 - 2010-06-09 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-12 22:23 - 2011-03-23 00:21 - 00000000 ____D () C:\Users\John\Documents\Youcam

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 01:17

==================== End Of Log ============================

 

 

Addition.txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by John at 2014-11-05 00:47:24
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
3 Days - Zoo Mystery (x32 Version: 2.2.0.95 - WildTangent) Hidden
ACL Desktop Education Edition (HKLM-x32\...\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}) (Version: 9.0.0.243 - ACL Software)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 1.5.1.0 - )
Bigfoot: Chasing Shadows (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Book of Legends (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brunhilda and the Dark Crystal (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
COMODO Programs Manager (HKLM\...\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}) (Version: 1.3_build_30 - COMODO)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
Cruise Clues: Caribbean Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deep Blue Sea 2: The Amulet of Light (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Dream Chronicles - The Book of Air Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dream Chronicles: The Book of Water Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
E.P.I.C.: Wishmaster Adventures (x32 Version: 3.0.2.32 - WildTangent) Hidden
Escape From Paradise (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape the Lost Kingdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Exorcist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fallen Shadows (x32 Version: 2.2.0.98 - WildTangent) Hidden
Family Feud 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Family Feud Hollywood Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Forgotten Places - Lost Circus (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hide and Secret (x32 Version: 2.2.0.95 - WildTangent) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
House of 1000 Doors: The Palm of Zoroaster (x32 Version: 2.2.0.110 - WildTangent) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Immortal Lovers (x32 Version: 2.2.0.95 - WildTangent) Hidden
Infected: The Twin Vaccine Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Insider Tales - The Secret of Casanova (x32 Version: 2.2.0.95 - WildTangent) Hidden
Insider Tales - The Stolen Venus (x32 Version: 2.2.0.95 - WildTangent) Hidden
Insider Tales - Vanished in Rome (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jack the Ripper - Letters from [bleep] (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Mysteries 2 Trail of the Midnight Heart (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.0.0.17289 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.4.9429 - Juniper Networks)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.0.0.17289 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
King Arthur (x32 Version: 2.2.0.97 - WildTangent) Hidden
Lexmark 840 Series (HKLM\...\Lexmark 840 Series) (Version:  - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Little Shop of Treasures 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Love and Death - Bitten (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 Trial (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 Trial (HKLM-x32\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Data Mining Add-Ins for Office 2007 (HKLM-x32\...\{508DC644-7B1B-47E1-BE60-F3F68CDF6871}) (Version: 9.00.3154.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Murder Island: Secret of Tantalus (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mushroom Age (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mystery Masterpiece - The Moonstone (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Nightfall Mysteries: Curse of the Opera (x32 Version: 2.2.0.95 - WildTangent) Hidden
NightShift Legacy - The Jaguar's Eye (x32 Version: 2.2.0.95 - WildTangent) Hidden
Oddly Enough: Pied Piper (x32 Version: 2.2.0.98 - WildTangent) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Paige Harper and the Tome of Mystery (x32 Version: 2.2.0.95 - WildTangent) Hidden
Phantasmat (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pocahontas - Princess of the Powhatan (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Real Crimes - Jack the Ripper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Robin's Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Secrets of the Dragon Wheel (x32 Version: 2.2.0.95 - WildTangent) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snark Busters - Welcome to the Club (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
The Clockwork Man - The Hidden World (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Conjurer (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Dream Voyagers (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Inquisitor (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Magician's Handbook 2: BlackLore (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Magician's Handbook: Cursed Valley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Time Riddles: The Mansion (x32 Version: 2.2.0.95 - WildTangent) Hidden
Trivia Gems (x32 Version: 2.2.0.95 - WildTangent) Hidden
Twisted Lands: Origin (x32 Version: 3.0.2.32 - WildTangent) Hidden
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version:  - )
Unsolved Mystery Club®: Ancient Astronauts® Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vampire Saga - Pandora's Box (x32 Version: 2.2.0.95 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
White Haven Mysteries Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.6.14 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Youda Legend: The Golden Bird of Paradise (x32 Version: 3.0.2.32 - WildTangent) Hidden
Youda Mystery: The Stanwick Legacy (x32 Version: 2.2.0.110 - WildTangent) Hidden
Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

25-10-2014 07:53:46 Before uninstall PowerDirector
25-10-2014 08:07:32 PerforMax Cleaner
25-10-2014 08:12:50 Before uninstalling PerforMax Cleaner
25-10-2014 08:13:36 PerforMax Cleaner
25-10-2014 08:38:16 PerforMax Cleaner
25-10-2014 08:41:41 PerforMax Cleaner
25-10-2014 08:45:26 Configured PowerDirector
25-10-2014 15:12:21 AA11
25-10-2014 15:18:31 Removed Java™ 6 Update 14 (64-bit)
25-10-2014 15:23:18 Configured LabelPrint
25-10-2014 15:28:41 Removed Microsoft Office Professional 2007 Trial
25-10-2014 15:35:23 Removed muvee Reveal
25-10-2014 15:39:09 Removed Java 7 Update 71
25-10-2014 15:43:07 Removed Microsoft Office Visio Professional 2007 Trial
25-10-2014 15:49:45 Removed Microsoft Office Professional 2007 Trial
25-10-2014 17:15:54 Restore Operation
25-10-2014 17:36:08 Removed Java 7 Update 71
26-10-2014 23:00:15 Windows Backup
29-10-2014 01:14:43 Windows Update
03-11-2014 03:36:44 Windows Backup
05-11-2014 04:32:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2895ECBB-0ADA-4D8B-A5B0-9F200540FDD8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {38BF8483-7C49-44F9-867E-229B754FF7B6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-562402938-736828387-837565867-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {42052DF6-7EFA-41A7-A0C0-05BED4C97D30} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {43F1CC10-1BC3-4FE7-BD2F-1EB3F4889FE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {488B2215-51E2-4F2A-8E77-C72573B82EC4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {85BF21E7-0D37-4ABC-BBD3-67CB2FCA7A56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {9365861C-98A9-4B18-A855-1426B9C92239} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {A8C63555-87B7-45F5-855E-AA6604B1ADC3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A8C761A3-5EEA-43E1-BD4E-92B0D8B9FDEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1B7742B-A99C-4F3B-8440-BB22557FEA6D} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {E0994B93-0010-4777-8EA4-0D823483AB33} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-562402938-736828387-837565867-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FFC9590D-01C7-4BEB-96C2-42FC4AB98B8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-09-05 10:11 - 2011-09-05 10:11 - 00116032 _____ () C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2014-10-14 23:43 - 2014-07-10 13:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-07-10 13:09 - 2014-10-15 00:45 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
2014-07-10 13:09 - 2014-10-15 00:45 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
2014-07-10 13:09 - 2014-10-15 00:45 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
2014-07-10 13:09 - 2014-10-15 00:45 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
2014-10-15 13:03 - 2014-10-15 13:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2011-07-06 23:04 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-562402938-736828387-837565867-500 - Administrator - Disabled)
Guest (S-1-5-21-562402938-736828387-837565867-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-562402938-736828387-837565867-1002 - Limited - Enabled)
John (S-1-5-21-562402938-736828387-837565867-1000 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2014 00:36:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2014 00:36:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/05/2014 00:33:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b707b
Faulting module name: IEUI.dll, version: 11.0.9600.17344, time stamp: 0x541b8669
Exception code: 0xc0000005
Fault offset: 0x0000000000008564
Faulting process id: 0xc20
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/05/2014 00:20:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2014 00:20:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/04/2014 11:33:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/04/2014 11:33:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/04/2014 11:19:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 738

Start Time: 01cff8af9188a7f7

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/04/2014 08:10:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/04/2014 08:10:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (11/05/2014 00:35:46 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/05/2014 00:29:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BBUpdate service failed to start due to the following error:
%%1053

Error: (11/05/2014 00:29:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.

Error: (11/05/2014 00:29:16 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:28:34 AM on ‎11/‎5/‎2014 was unexpected.

Error: (11/05/2014 00:25:09 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/05/2014 00:24:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/05/2014 00:24:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/05/2014 00:24:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/05/2014 00:24:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Health Check Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/05/2014 00:24:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (05/10/2014 04:30:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 504230 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (05/18/2013 02:15:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 292367 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (03/02/2013 01:21:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 871787 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (02/26/2011 06:41:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/10/2010 07:19:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 229 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (11/10/2010 07:15:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 942 seconds with 780 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 77%
Total physical RAM: 3003.19 MB
Available physical RAM: 668.86 MB
Total Pagefile: 6004.56 MB
Available Pagefile: 3929.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.98 GB) (Free:170.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:1.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 135C058F)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

malonej89,

Thank you for the update and logs. It looks like the ZA & Poweliks were dispatched in the Fixlist script run but I will verify that by examining the logs more closely.

In the meantime, please run the AdwCleaner scan >>>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


  • 0

#7
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

One other question, malonej89; is the Lavasoft security software the free version or the paid suite? 

 

I am just trying to make sure there is a firewall running on your system; the scan logs show the Lavasoft FW is disabled (which is the case for the Free version) so I just wanted to check that either Lavasoft is the free version and Windows Firewall is turned on or that Lavasoft is the paid version and you need to activate the FW in Lavasoft.


  • 0

#8
malonej89

malonej89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

The Lavasoft security is the free version.  I'm showing that my windows firewall is active.  Here is the log for adwcleaner.

 

# AdwCleaner v3.311 - Report created 05/11/2014 at 21:16:06
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\Components\AskSearch.js
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\searchplugins\Askcom.xml
File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\user.js
Folder Found : C:\Program Files (x86)\1ClickDownload
Folder Found : C:\Program Files (x86)\BearShare Applications
Folder Found : C:\Program Files (x86)\Search Toolbar
Folder Found : C:\ProgramData\Alawar Entertainment
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\John\AppData\Local\PackageAware
Folder Found : C:\Users\John\AppData\LocalLow\Conduit
Folder Found : C:\Users\John\AppData\LocalLow\HPAppData
Folder Found : C:\Users\John\AppData\LocalLow\Smartbar
Folder Found : C:\Users\John\AppData\Roaming\Alawar Entertainment
Folder Found : C:\Users\John\AppData\Roaming\iWin
Folder Found : C:\Users\John\AppData\Roaming\SecureSearch

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=TJ&userid=9f06f628-eca4-740f-617f-c28e21489dbf&searchtype=sc&installDate=07/10/2013 )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\LyricsSay-1
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Bitberry
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\InstalledThirdPartyPrograms
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{756C097C-6BDB-45DE-A8F1-83E01AB86BA4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{01AD9322-02FF-4F4F-AC52-92FDA5AE65F0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156652}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2
Key Found : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152252}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156652}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\prefs.js ]

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [18105 octets] - [05/11/2014 21:16:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18166 octets] ##########


  • 0

#9
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Wow, a lot found "under the hood" (so to speak). Let's get AdwCleaner to clean and the Junkware Removal Tool to see what else is there. And we need to check that the OS services are running properly.

First , run a Junkware Removal Tool scan >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


Next, Re-run AdwCleaner

Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Finally, Run a Farbar Service Scanner log
Please download Farbar Service Scanner to your desktop and double click on the file to run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Logs to reply with, please >>>>
  • The JRT.txt log file.
  • The AdwCleaner[S0].txt log file.
  • The FSS.txt log file.

  • 0

#10
malonej89

malonej89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on Fri 11/07/2014 at 18:19:51.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2233703
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2504091
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422152252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466156652}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422152252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466156652}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2233703
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466156652}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-IronSource_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-IronSource_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466156652}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-IronSource_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-IronSource_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Alawar Entertainment
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\John\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\John\appdata\locallow\oovootb"
Successfully deleted: [Folder] "C:\Users\John\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\bearshare applications"
Successfully deleted: [Folder] "C:\Program Files (x86)\search toolbar"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{386ACC33-5876-4A65-8877-189B307132EB}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{4E0B83A0-45B3-4220-B859-17277C895FAF}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{64944798-E1B6-4413-9BBB-FEF7644374DC}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9A2CF512-2DEE-4E8A-9A76-13445195040E}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{C6C8FE1F-62D2-4114-81CE-834429ABC8D0}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{CD08652C-BA02-474E-803A-14CEF409EA9D}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D963DF38-C312-4A98-BEE6-1307680C5FEF}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E655E145-7B73-4A68-B661-9C5B6ED2F723}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E76B9188-B23E-4AF7-89EC-21D7AC97F232}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{EB6363D1-C4A9-48F5-91F2-177413171037}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{F2A5C97A-8885-4FCC-A756-62D59872D294}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{F3316746-DB9B-44FE-A20F-EB37617EF2EA}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{F744A789-813C-4E1D-A678-B4F5EFB875C4}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/07/2014 at 18:31:02.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

ADWcleaner.txt

 

# AdwCleaner v3.311 - Report created 07/11/2014 at 18:45:56
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Users\John\AppData\Local\PackageAware
Folder Deleted : C:\Users\John\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\John\AppData\Roaming\SecureSearch
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\searchplugins\Askcom.xml
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2
Key Deleted : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{756C097C-6BDB-45DE-A8F1-83E01AB86BA4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01AD9322-02FF-4F4F-AC52-92FDA5AE65F0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsSay-1
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\prefs.js ]

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [18391 octets] - [05/11/2014 21:16:06]
AdwCleaner[R1].txt - [16729 octets] - [07/11/2014 18:42:00]
AdwCleaner[S0].txt - [16315 octets] - [07/11/2014 18:45:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16376 octets] ##########

 

 

 

FSS.txt

 

Farbar Service Scanner Version: 21-07-2014
Ran by John (administrator) on 07-11-2014 at 18:52:26
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


  • 0

Advertisements


#11
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Looks like the minor Junkware and Adware is now gone. The system services have survived fine. Let's move to more sinister lurking malware.


Malwarebytes' Anti-Malware
Please Launch Malwarebytes' Anti-Malware from your desktop icon or the start menu item. Notice that I want this to scan your system but I will be reviewing the log to manually remove anything it finds.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

2a308da4-c469-4a72-b86c-84c05ca1e6a6_zps

Once the program has loaded and updated, select "Scan Now >>" to start the scan.
5f2fe168-2571-4c73-a1e8-945d5aae9e1e_zps

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

MBAMfoundMalwarescan_zpsafe36848.png
Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please Copy and Paste the report file to a post here; I will review the file and script what needs to be removed.


  • 0

#12
malonej89

malonej89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Malwarebytes didn't detect any issues.  Does it still save a log somewhere?


  • 0

#13
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Yes it does.  You can find a log in History > Application Logs.

 

You don't have to post one; I will take your word for it that MBAM did not detect anything.


  • 0

#14
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Let's get a second opinion on virus ....

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here. Also, please note that this scan can take a while to run.

  • Please go here to run the scan and click on Run ESET Online Scanner
  • abfacb96-0c99-4b59-b9e9-9298aa0ee3ec_zps
  • The next screen will be the ESET Online Scanner installer
  • Getinstallerpopup_zps569f8772.png
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
  • downloadsave_zpsb758563f.png
  • Save the file to your desktop; you should see a file like this when the download is finished
  • desktopfile_zps98a1ee89.png Double click on this to start the installation of the ESET Online Scanner
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • TOU_zps4ecd3406.png
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Enable detection of potentially unwanted applications is selected.
  • Now click on Advanced Settings and configure the options as follows:
    • Remove found threats is Not checked
    • Scan archives is checked
    • Scan for potentially unsafe applications is checked
    • Enable Anti-Stealth Technology is checked
  • Now click on: Start
  • Loadsettings_2014-08-23_zps3f2d0c88.png
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • Downloadingsignatures_zps36c38587.png
  • When completed the Online Scan will begin automatically.
  • Scanningdisplay_zpsec3aac14.png
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • Threatsfound_zpsfe95fb4e.png
  • On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Exporttotextfile_zps16cb487f.png
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • UninstallcheckedandFinish_zps6fb26ad8.pn
  • Use Notepad to open the logfile you save on your desktop.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


  • 0

#15
malonej89

malonej89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

I can't get this program to download.  After clicking on the "Run ESET Online Scanner" it sends me to a different screen than you state.  It sends me to a form where I need to accept the terms, so I scroll all the way down and check "Yes, I accept the terms of use" and click start.  After that it states "An add-on for this website failed to run".  I have the real time protection disabled on both my Ad-Adware & MalwareBytes when I'm trying to download, but it still won't download.  Is there anything that you can think of that I'm missing?

 

 


  • 0






Similar Topics


Also tagged with one or more of these keywords: syswow64, dllhost.exe *32, com surrogate

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP