Left over malware? [Solved]


  • This topic is locked

#1
EMLMOL

    New Member

  • Member
  • 8 posts

Hello,

I contracted some malware which hogged all of the CPU by opening new processes continuously, which I could see in the Task Manager. I ran Kaspersky, SUPERAntiSpyware, Ad-Aware, and Spybot until they said things were clean. There are no longer any random processes popping up, but I keep getting some script error. It states: "unable to open registry key "KHCU\software\classes\clid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32\a" for reading".

If I disable all the startup programs and services in msconfig I seem to not get the error, but otherwise it is there. The error will also pop up any time I open the file explorer in Windows 7.

Please help. How do I get rid of this error?

Thanks.

___________________________

OTL Extras logfile created on: 12/15/2014 3:14:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 46.38% Memory free
8.00 Gb Paging File | 5.34 Gb Available in Paging File | 66.81% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 21.81 Gb Free Space | 18.29% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 87.94 Gb Free Space | 18.88% Space Free | Partition Type: NTFS
Drive G: | 1396.92 Gb Total Space | 467.95 Gb Free Space | 33.50% Space Free | Partition Type: FAT32
 
Computer Name: DESKTOP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F9AA6B-B31C-4AC1-88FB-F0923403196E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0167E62E-43D9-421A-8E7D-03456B820601}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{078D04DC-F4FD-47A8-8153-3A4816E69EFF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{09AC72E4-40E8-4C48-B4CA-2940BA652EE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0F26EF55-E736-40CD-A40E-6162555162DC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1DDA774D-6432-4242-A8E9-ADE3EC814D74}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1E94251A-E086-4ED5-9429-A59F235B964B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2630DF95-EE98-4CF8-8536-9CCC249F9161}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2EA1CF4C-4881-428A-9EB8-4EC449E450F7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{309564C4-2322-4765-9732-3BB2D63D4B01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{31FAEAD6-DB3F-41A4-89AE-76EE97019411}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{352B3EF1-D556-407D-A6E7-F8B37052CDAF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{429EE166-C2E7-4BD2-98E6-F98DAA6C8696}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{44548D36-3F50-4775-AD32-EE5F57365F5D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{493F73E2-6423-4266-AE10-CEA2D9FC5405}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4EA207D5-6B77-4630-B5FD-E6E4FE557D54}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe | 
"{4FC4F6CF-51CD-420E-9AAA-49EDD79DAAAC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{51E6393F-A983-46F9-97B4-1D6E321B09D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60AD1144-7207-416B-9FCC-A10E08520D96}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{619A2248-EF6B-43B5-8593-8C52FB1D7B5D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{69EF633E-350C-40B2-8805-D300852AE399}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8248976F-8875-459C-942A-BFDFF94B7E47}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{90826971-407B-4086-9A08-B61436A174E7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9D234522-EAB4-4A74-A60E-FCC8B722D508}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9F0473CD-0E12-4C14-848D-9395C6F6A9FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1F1E922-9938-4D3F-A6B2-080A15462AD4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe | 
"{A3F29CF1-799C-484B-8C97-76978930922D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B68B135C-566D-42C0-A93D-A60E7CD71CEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5FDF47B-70A1-46D5-91C9-4A0D4638FB2E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{D86349CC-C862-44A1-B822-EC822F22EA29}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8631CA2-3B7A-4F5B-879F-B3849BBD3CA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035DA005-FF9D-4421-813F-FA75526C6F4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05E31F4E-534C-44E5-9247-F8E1845F10C9}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe | 
"{06ACE439-22E9-48AD-A82F-77AF85D9C181}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0EC02DF6-D92E-45FA-9307-32759EBCCB73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{13DA5BCE-9928-4946-8E3E-89B4C3AF8B69}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{17C007CD-5DCD-45A4-B070-5C43288C45F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{1A7336D1-7369-42E5-820E-F993B5A64760}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe | 
"{21FB14D0-0A39-441F-AFC3-F8D71CA4CEA2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{21FE78E2-16C0-491D-A8F4-821858E28B32}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{2A8F30C8-9665-4B07-B62E-6F6663E1C04A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{30DF8B8C-74B2-4AFA-A40F-E5E9BF9D254F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31C2F453-EFD5-4BAC-9F23-427CFAA7917B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CA87F59-69E3-4D3B-A4C9-4AA6C2929DF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4141EC2C-717B-4E07-B15C-DD7069A7A3B3}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\utorrent\utorrent.exe | 
"{435641C2-F31E-4DF8-8A8F-409FE42A549D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E832744-DCA7-4550-88FC-0BE9EAAE2DBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{592DF8DE-04B1-4ADE-9D8A-00EA2D27C001}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D801A95-5EFD-457B-A448-0A32B0D639AA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{612DECCA-6752-4EEC-B96D-EF92D392817F}" = protocol=6 | dir=out | app=system | 
"{63FDF478-4808-44E7-95A5-151E558033BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6AC9B384-C83F-4D66-9302-F6F65225BD6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E9632A8-3000-4F53-920D-D4C36A0B5EA9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{735C34B8-04E4-4981-9030-83585E05945F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7795EB60-E231-41DC-9736-7052133EE589}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{833B0BED-CF1A-407E-9D2A-74FA9D4E99E1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8885010E-F18D-4F2C-8098-725837B0BD34}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{91CDD146-9E1C-4F86-B959-5890CBA053F7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9FBF3570-AFCA-4CFF-A19C-6CE37970EDEB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{A17519AF-02C5-4A56-ACCB-A3AFD5BF2B45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC9C5FAB-AF4F-49CD-B068-8654906054D5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BD55B63B-7E2B-43F9-A395-D4732E9348FA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{BFC37D58-D440-46D6-8013-0A8DB14D9CA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C4482961-FF70-49A1-B92C-5CC8F3926BFB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{C4991CDD-5AAD-4E0A-AF2F-765F52266E35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6A251F4-954B-484D-9827-D6E6221C7AEE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{CFBA105F-9E6C-400E-80A4-44DEC69E6817}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D089052F-E81A-4C4F-A2F7-D498B468FFD5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D27A2ABF-54E8-4665-A213-97404C18561E}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\utorrent\utorrent.exe | 
"{D391495D-2EE9-42CC-B170-7A8937FEAB67}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DA4D4610-5B76-493A-83CA-724CA28DAD61}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{E6A2B824-BB2B-4ED5-8568-E9A4372E85B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E9C006C3-5C2B-44CE-9D5F-4D2B8B399843}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{EBACF218-35C4-4728-B5AA-F88B8971ED89}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{F69FB51C-AC15-49B2-BEE8-6185FD10F41E}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe | 
"{FDA71888-946D-43E1-A739-D7D475B6D5A3}" = dir=in | app=c:\users\chris\appdata\local\microsoft\skydrive\skydrive.exe | 
"TCP Query User{0F870774-87CC-4307-93A7-958F85C507FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{45E4EDB8-0495-432C-9603-A8DF0E7CC3A8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{6FA944EA-05F5-4934-9CDD-90F8D321CFD0}C:\program files (x86)\asus\asus sync\asusupctloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\asus sync\asusupctloader.exe | 
"TCP Query User{7661C532-852F-4A93-8627-572B1E66E1D5}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{8B21BBCE-D88B-4F9C-8508-E2A9E02ADCC4}C:\downloads\kav15.0.1.415en_6913.exe" = protocol=6 | dir=in | app=c:\downloads\kav15.0.1.415en_6913.exe | 
"TCP Query User{A06AB948-0564-428C-8A48-8D4A943A5818}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{A25D1A52-2525-40D7-B502-295D75855A4F}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"TCP Query User{BDAD29BF-89C5-40BC-8C9F-EAAC7A2F194B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{0E77C2E2-3A47-4545-9663-7548ACA8E89D}C:\program files (x86)\asus\asus sync\asusupctloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\asus sync\asusupctloader.exe | 
"UDP Query User{1355F3C5-5822-4E3E-AF9B-413954B359EB}C:\downloads\kav15.0.1.415en_6913.exe" = protocol=17 | dir=in | app=c:\downloads\kav15.0.1.415en_6913.exe | 
"UDP Query User{4C6FCAD8-2D9A-407D-8DC5-F1C1447E3CDE}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{4E2D4158-1111-4058-8250-5C1823C02922}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{6F40E6F5-ABA8-4216-A887-D522917582E3}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{73A39F46-13BE-4AD3-87AE-1A74231765A7}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"UDP Query User{8C335662-7FAE-44DF-A080-6F7137A96CD3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{97F8DF46-86E2-487F-840E-465EEE5EB5DF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{12079D47-A4AB-4AE5-A957-C2062D328F35}" = AVG 2013
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86418025F0}" = Java 8 Update 25 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 340.52
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8BE1E4B-AE09-4A76-A24A-E9CE38D2E703}" = AVG 2013
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F6AEADC0-6B97-430E-B78A-C1D633A6528D}" = ASUS Android USB Drivers
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"jdownloader2" = JDownloader 2
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"O365ProPlusRetail - en-us" = Microsoft Office 365 ProPlus - en-us
"SolarApp" = Logitech Solar App 1.10
"WinRAR archiver" = WinRAR archiver
"zvprt50" = Zan Image Printer 5.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E8DC723-F1CD-424A-96CC-12428E7A1B4B}" = Citrix Receiver (HDX Flash Redirection)
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3068513C-3AAC-410B-BAE7-C7837FFF8DEB}" = Citrix Receiver(USB)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{488E9FD9-7C30-4120-8790-410F46F13CD6}" = ASUS Sync
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7468ACCE-6FA8-4794-90B9-C28BD9CC79DD}" = Citrix Receiver Updater
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}" = Online Plug-in
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}" = TP-LINK TL-WN721N_TL-WN722N Driver
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}" = Kaspersky Anti-Virus
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D431014-9F90-4335-A58E-8A14B0BD77F1}" = Citrix Receiver Inside
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.8.14126.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4654A72-087B-49B5-BDCA-E4894400C524}" = MotoConnect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92051A3-3ABB-4A26-A615-2298BE7CBC28}" = Citrix Authentication Manager
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C0B165DC-F037-483F-B1C9-D89D91529CEB}" = Citrix XenApp Web Plugin
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D29DDA9B-FE05-48F1-A9D1-F6346A0A301A}" = Citrix Receiver(DV)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB3044F4-47BE-4104-8AED-D0B4038CCC80}" = YTD Toolbar v10.3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A60962-B768-4EA3-B0B6-DA671276B81A}" = Citrix Receiver(Aero)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}" = Self-service Plug-in
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F63E747C-5B51-4A6E-9413-BF258F4653F3}" = Cisco AnyConnect Secure Mobility Client
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF712194-6643-4E4D-A340-2D447A644F75}" = LG VZW United Drivers
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Afterburner" = MSI Afterburner 2.2.3
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"BeerSmith" = BeerSmith
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"DVDFab 8 Qt_is1" = DVDFab 8.1.9.8 (27/07/2012) Qt
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.4096 [2011-11-29]
"Google Chrome" = Google Chrome
"InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}" = Kaspersky Anti-Virus
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mazaika_is1" = Mazaika 3.7
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Picasa 3" = Picasa 3
"Speed Dial Utility" = Canon Speed Dial Utility
"SpeedFan" = SpeedFan (remove only)
"WinLiveSuite" = Windows Live Essentials
"ZDManager" = ZD Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"OneDriveSetup.exe" = Microsoft OneDrive
"portal-12cd4d5@@Hyperspace:WakeOne" = WakeOne
"portal-12cd4d5@@XA5 Prod:My Computer" = My Computer
"portal-12cd4d5@@XA5 Prod:Remote Desktop Connection" = Remote Desktop Connection
"portal-12cd4d5@@XA5 Prod:WFUBMC Intranet Apps" = WFUBMC Intranet Apps
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/16/2014 5:15:51 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure: Open driver handle. Error code: F12E14
 
Error - 8/16/2014 5:15:52 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure. Step: FamilySafetyServiceFactory initialization. 
Error code: 80070002
 
Error - 8/16/2014 5:16:21 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure: Open driver handle. Error code: F12E14
 
Error - 8/16/2014 5:16:22 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure. Step: FamilySafetyServiceFactory initialization. 
Error code: 80070002
 
Error - 8/18/2014 12:08:03 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure: Open driver handle. Error code: 1C2E14
 
Error - 8/18/2014 12:08:04 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure. Step: FamilySafetyServiceFactory initialization. 
Error code: 80070002
 
Error - 8/18/2014 12:08:33 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure: Open driver handle. Error code: 22E14
 
Error - 8/18/2014 12:08:34 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure. Step: FamilySafetyServiceFactory initialization. 
Error code: 80070002
 
Error - 8/18/2014 12:09:03 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure: Open driver handle. Error code: DF2E14
 
Error - 8/18/2014 12:09:04 PM | Computer Name = Desktop | Source = Family Safety Service | ID = 0
Description = Startup failure. Step: FamilySafetyServiceFactory initialization. 
Error code: 80070002
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12/15/2014 4:08:56 PM | Computer Name = Desktop | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 12/15/2014 4:08:56 PM | Computer Name = Desktop | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 12/15/2014 4:08:56 PM | Computer Name = Desktop | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 1628 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
 
 
Error - 12/15/2014 4:08:56 PM | Computer Name = Desktop | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
 .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
 Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 12/15/2014 4:08:59 PM | Computer Name = Desktop | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
 
 
Error - 12/15/2014 4:09:16 PM | Computer Name = Desktop | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: No more data
 is available.   
 
Error - 12/15/2014 4:09:17 PM | Computer Name = Desktop | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1352 NULL object. Cannot establish a connection at this time.
 
Error - 12/15/2014 4:13:47 PM | Computer Name = Desktop | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 12/15/2014 4:13:47 PM | Computer Name = Desktop | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 12/15/2014 4:13:47 PM | Computer Name = Desktop | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ OSession Events ]
Error - 12/12/2009 11:05:53 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 105
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 10/17/2010 7:56:37 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/27/2011 5:39:11 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/11/2014 5:38:20 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12/15/2014 4:09:40 PM | Computer Name = Desktop | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys has
 been blocked from loading due to incompatibility with this system. Please contact
 your software vendor for a compatible version of the driver.
 
Error - 12/15/2014 4:09:40 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7000
Description = The mvd20 service failed to start due to the following error:   %%1275
 
Error - 12/15/2014 4:09:41 PM | Computer Name = Desktop | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys has
 been blocked from loading due to incompatibility with this system. Please contact
 your software vendor for a compatible version of the driver.
 
Error - 12/15/2014 4:09:41 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7000
Description = The mvd20 service failed to start due to the following error:   %%1275
 
Error - 12/15/2014 4:09:59 PM | Computer Name = Desktop | Source = DCOM | ID = 10016
Description = 
 
Error - 12/15/2014 4:10:05 PM | Computer Name = Desktop | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 12/15/2014 4:10:06 PM | Computer Name = Desktop | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 12/15/2014 4:10:08 PM | Computer Name = Desktop | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 12/15/2014 4:10:10 PM | Computer Name = Desktop | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 12/15/2014 4:11:01 PM | Computer Name = Desktop | Source = DCOM | ID = 10010
Description = 
 
[ Windows PowerShell Events ]
Error - 12/11/2014 8:30:14 PM | Computer Name = Desktop | Source = PowerShell | ID = 103
Description = 
 
Error - 12/11/2014 8:30:15 PM | Computer Name = Desktop | Source = PowerShell | ID = 103
Description = 
 
Error - 12/11/2014 8:30:24 PM | Computer Name = Desktop | Source = PowerShell | ID = 103
Description = 
 
Error - 12/11/2014 8:30:43 PM | Computer Name = Desktop | Source = PowerShell | ID = 103
Description = 
 
Error - 12/11/2014 8:30:44 PM | Computer Name = Desktop | Source = PowerShell | ID = 103
Description = 
 
Error - 12/11/2014 8:30:45 PM | Computer Name = Desktop | Source = PowerShell | ID = 103
Description = 
 
Error - 12/11/2014 8:30:48 PM | Computer Name = Desktop | Source = PowerShell | ID = 103
Description = 
 
 
< End of report >
 



#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

I think I know what you had and would like to use a different tool to take a look. Please do the following.

 

Step#1 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.



#3
EMLMOL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thank you for your help!

 

I have the results of the FRST below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Chris (administrator) on DESKTOP on 16-12-2014 05:56:01
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris & UpdatusUser & Kids (Available profiles: Chris & UpdatusUser & Kids)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Citrix Systems, Inc.) C:\Users\Chris\AppData\Local\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Users\Chris\AppData\Local\Citrix\ICA Client\concentr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Futuredial Inc.) C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ASUS Sync Loader] => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [638976 2013-03-01] (Futuredial Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-25] (Google Inc.)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [SkyDrive] => C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\RunOnce: [Adobe Speed Launcher] => 1418680399
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {1825dfb8-901b-11df-ac7a-001bfcdb2b00} - F:\setup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {1a642ce1-fa1b-11e2-a7cc-001bfcdb2b00} - H:\KDMElite.exe
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {2ff0a168-70b4-11e4-bba4-001bfcdb2b00} - H:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {40be6538-fd3f-11de-bc3d-001bfcdb2b00} - E:\Autoplay.exe -auto
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {8ec01e68-0b46-11e4-90c1-001bfcdb2b00} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {d39a215e-12aa-11e2-9a43-001bfcdb2b00} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {f68261b2-e74c-11de-bc75-001bfcdb2b00} - F:\SETUP.EXE
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-25] (Google Inc.)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\RunOnce: [Adobe Speed Launcher] => 1418684812
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe [540848 2014-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\MountPoints2: {2ff0a168-70b4-11e4-bba4-001bfcdb2b00} - H:\VerizonSWUpgradeAssistantLauncher.exe
AppInit_DLLs-x32: C:\Users\Chris\AppData\Local\Citrix\ICACLI~1\RSHook.dll => C:\Users\Chris\AppData\Local\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-2526012750-3186116482-2568347101-1005\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {5C64BA7A-11B0-4609-B099-C4FC0DA8D856} URL = http://search.avg.co...}&ychte=us&nt=1
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {7589BD12-FE0F-4692-AA5A-70BE5B34D729} URL = http://www.google.co...1I7GGHP_enUS472
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {8B4E5E9C-C0E4-4D04-81A2-489A6AA1F5FF} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={137244B2-7857-4E68-9CF5-46DD514DE27F}&mid=25e551794be5d82260c1c81e1e4b42aa-268e993bd84c66e058eb84a7569d70ada5bb6563&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-02-05 21:32:45&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {C0F162FE-A18F-48DA-985A-5EF8597DC60B} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...1I7GGHP_enUS472
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> {2D9EA6A8-C926-4E7E-99CC-9B42CD8AE4F4} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...1I7GGHP_enUS472
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={137244B2-7857-4E68-9CF5-46DD514DE27F}&mid=25e551794be5d82260c1c81e1e4b42aa-268e993bd84c66e058eb84a7569d70ada5bb6563&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-02-05 21:32:45&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: ZD Manager IE Plugin -> {18D6D197-45BB-465B-ADC0-274A70B49B55} -> C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCE24BD5-5773-495A-8576-4ADE0BCA38B1}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @Citrix.com/npican -> C:\Users\Chris\AppData\Local\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected]
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] [2014-12-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected]
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] [2014-12-11]
 
Chrome: 
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-13]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-13]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-13]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-13]
CHR Extension: (Kaspersky Protection) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-13]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-13]
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-12-15]
CHR Extension: (Skype Click to Call) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-13]
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-12-15]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-13]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-13]
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Profile 13
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MSR Service; C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe [102400 2009-05-12] () [File not signed]
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1806872 2014-12-09] (AVG Secure Search)
S4 ZDManager Service; C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [176640 2012-11-07] () [File not signed]
S2 NMSAccess; C:\AQi\bin\NMSAccess32.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-09] (AVG Technologies)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-11] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-09] () [File not signed]
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [24576 2014-05-27] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2014-05-27] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-05-27] (LG Electronics Inc.)
U3 aq763zn8; C:\Windows\System32\Drivers\aq763zn8.sys [0 ] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U2 V2iMount; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-16 05:56 - 2014-12-16 05:56 - 00045011 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-12-16 05:55 - 2014-12-16 05:56 - 00000000 ____D () C:\FRST
2014-12-16 05:54 - 2014-12-16 05:54 - 02119168 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-12-15 16:53 - 2014-12-15 16:53 - 00000000 ____D () C:\Users\Chris\AppData\Local\{982048E2-F993-44D8-B18F-A8FBDA99067E}
2014-12-15 15:23 - 2014-12-15 15:23 - 00102142 _____ () C:\Users\Chris\Desktop\Extras.Txt
2014-12-15 15:21 - 2014-12-15 15:21 - 00149882 _____ () C:\Users\Chris\Desktop\OTL.Txt
2014-12-15 15:12 - 2014-12-15 15:12 - 00602112 _____ (OldTimer Tools) C:\Users\Chris\Desktop\OTL.exe
2014-12-15 15:09 - 2014-12-15 15:09 - 00000000 ____D () C:\Users\Chris\AppData\Local\{563D58FA-84E8-4B76-BB8B-8641967750BD}
2014-12-14 07:53 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-14 07:53 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-14 07:48 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-14 07:48 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-14 07:47 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 11:13 - 2014-12-13 11:13 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\SUPERAntiSpyware.com
2014-12-13 11:12 - 2014-12-13 11:12 - 00002259 _____ () C:\Users\Kids\Desktop\Google Chrome.lnk
2014-12-13 11:12 - 2014-12-13 11:12 - 00000000 ____D () C:\Users\Kids\AppData\Local\NVIDIA
2014-12-13 10:51 - 2014-12-13 10:51 - 00000000 ____D () C:\Users\Chris\AppData\Local\NVIDIA
2014-12-13 10:51 - 2014-12-13 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-13 09:44 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-13 09:44 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-13 09:44 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-13 09:44 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-13 09:43 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-13 09:43 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-13 09:43 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-13 09:43 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-13 09:43 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-13 09:43 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-13 09:43 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-13 09:43 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-13 09:43 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-13 09:43 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-13 09:43 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-13 09:43 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-13 09:41 - 2014-12-13 09:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 09:41 - 2014-12-13 09:41 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 09:41 - 2014-12-13 09:41 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-13 09:41 - 2014-12-13 09:41 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-13 09:41 - 2014-12-13 09:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-13 09:41 - 2014-12-13 09:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-13 09:41 - 2014-12-13 09:41 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-13 09:41 - 2014-12-13 09:41 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-13 09:41 - 2014-12-13 09:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-13 09:41 - 2014-12-13 09:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 09:36 - 2014-12-13 09:43 - 00007657 _____ () C:\Windows\IE11_main.log
2014-12-13 09:34 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-13 09:34 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-13 09:34 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-13 09:34 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-13 09:30 - 2014-12-13 09:34 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-13 09:29 - 2014-07-02 12:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-13 09:29 - 2014-07-02 05:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-13 08:56 - 2014-12-13 08:56 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-13 08:56 - 2014-12-13 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-13 08:48 - 2012-05-04 18:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-12-13 08:48 - 2012-05-04 18:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-12-13 08:41 - 2014-12-13 08:41 - 00000000 ____D () C:\Program Files\Java
2014-12-13 08:39 - 2014-12-13 08:41 - 92658088 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jre-8u25-windows-x64.exe
2014-12-13 08:38 - 2014-12-13 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-13 08:08 - 2014-12-13 08:08 - 00000110 _____ () C:\Windows\wininit.ini
2014-12-13 07:28 - 2014-12-13 07:28 - 00000000 ____D () C:\SUPERDelete
2014-12-13 07:19 - 2014-12-13 07:19 - 00000000 ____D () C:\Users\Chris\Documents\PcSetup
2014-12-13 07:17 - 2014-12-13 07:17 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-13 07:16 - 2014-12-13 08:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-13 07:16 - 2014-12-13 07:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-13 07:16 - 2014-12-13 07:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-13 07:16 - 2014-12-13 07:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-13 07:16 - 2014-12-13 07:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-13 07:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-13 07:11 - 2014-12-16 05:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-13 07:11 - 2014-12-13 07:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-13 07:11 - 2014-12-13 07:11 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-12-13 07:11 - 2014-12-13 07:11 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2014-12-13 07:11 - 2014-12-13 07:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-13 07:04 - 2014-12-13 07:04 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\J River
2014-12-13 07:03 - 2014-12-13 07:04 - 20686424 _____ (SUPERAntiSpyware) C:\Users\Chris\Downloads\SUPERAntiSpyware.exe
2014-12-13 06:52 - 2014-12-15 16:44 - 00000000 ____D () C:\Windows\pss
2014-12-12 18:02 - 2014-12-16 05:51 - 00409948 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 17:59 - 2014-12-15 16:46 - 00000784 _____ () C:\Windows\setupact.log
2014-12-12 17:59 - 2014-12-12 17:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-12 07:49 - 2014-12-15 16:42 - 00015766 _____ () C:\Windows\PFRO.log
2014-12-11 23:05 - 2014-12-11 23:05 - 00002083 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-12-11 23:05 - 2014-12-11 23:05 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-12-11 23:05 - 2014-12-11 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-12-11 23:05 - 2014-12-11 23:05 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-11 23:05 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-12-11 23:04 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-12-11 22:49 - 2014-12-15 18:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-11 19:47 - 2014-12-12 18:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 19:46 - 2014-12-11 19:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 19:46 - 2014-12-11 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-11 19:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 19:46 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-10 20:00 - 2014-12-10 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
2014-12-10 19:27 - 2014-12-10 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-10 19:26 - 2014-12-10 19:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-10 19:26 - 2014-12-10 19:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 06:57 - 2014-12-10 06:57 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 22:38 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 22:38 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 22:38 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-09 22:38 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-09 22:38 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-09 22:38 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-09 22:38 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-09 22:38 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-09 22:38 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-09 22:38 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
2014-12-09 13:30 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 13:30 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 13:30 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 13:30 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 13:30 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 13:30 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 13:29 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 13:29 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 13:29 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 13:29 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 13:29 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 13:29 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 13:29 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 13:29 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 13:29 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 13:29 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 13:29 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 13:29 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 13:29 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 13:29 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-06 07:41 - 2014-12-06 08:45 - 00000000 ____D () C:\Users\Chris\Desktop\Child Care
2014-12-05 08:29 - 2014-12-05 08:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\{6D03B67E-B190-4D63-909C-23B037963DAF}
2014-12-03 22:06 - 2014-12-03 22:06 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieBrowserModeList
2014-12-03 21:57 - 2014-11-07 13:39 - 00000000 ____D () C:\Users\Chris\Desktop\mricrogl
2014-11-29 14:21 - 2014-11-29 14:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\{F90F4DEB-195B-453B-817C-C3825431B3D0}
2014-11-25 16:55 - 2014-11-25 16:55 - 00000000 ____D () C:\Users\Chris\AppData\Local\{37A3466C-5BD0-4F27-B793-690772C0A43F}
2014-11-21 08:26 - 2014-11-21 08:26 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-11-21 08:26 - 2014-11-21 08:26 - 00000000 ____D () C:\LGMobileUpgrade
2014-11-20 17:36 - 2014-12-08 18:45 - 00000799 _____ () C:\Users\Kids\Desktop\▶ 3 Hours of Christmas Music Classics and Holiday Scenery - YouTube.website
2014-11-20 10:00 - 2014-11-20 10:00 - 00001176 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remote Desktop Connection.lnk
2014-11-20 10:00 - 2014-11-20 10:00 - 00001151 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WFUBMC Intranet Apps.lnk
2014-11-20 07:51 - 2014-11-20 07:52 - 00004625 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-20 00:55 - 2014-11-20 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-18 19:09 - 2014-12-11 22:26 - 00000000 ____D () C:\Program Files (x86)\YTD Toolbar
2014-11-18 16:50 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:50 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:50 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:50 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-16 05:52 - 2012-02-25 12:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-16 05:51 - 2013-06-21 15:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 19:50 - 2014-06-14 06:18 - 00000535 _____ () C:\Users\Kids\Desktop\Netflix.website
2014-12-15 18:06 - 2014-04-01 13:44 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Adobe
2014-12-15 18:06 - 2012-02-25 12:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 16:54 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 16:54 - 2009-07-13 23:45 - 00025232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 16:54 - 2009-07-13 23:45 - 00025232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 16:53 - 2013-10-30 04:44 - 00000000 ___RD () C:\Users\Chris\SkyDrive
2014-12-15 16:53 - 2009-12-13 08:56 - 00000000 ____D () C:\Users\Chris\Tracing
2014-12-15 16:46 - 2009-12-10 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-15 16:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 14:48 - 2011-07-05 08:47 - 00007601 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2014-12-15 14:20 - 2010-01-14 20:40 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C149FD5-FBFB-41B9-BAEC-1FE8FC89AEEB}
2014-12-15 14:15 - 2012-09-27 06:02 - 00004096 ___SH () C:\VSNAP.IDX
2014-12-15 14:15 - 2010-10-12 18:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-15 14:14 - 2009-12-13 09:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-12-14 23:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-14 08:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 11:14 - 2014-04-03 07:07 - 00115640 _____ () C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 11:12 - 2014-04-02 15:56 - 00000000 ____D () C:\Users\Kids\AppData\Local\Google
2014-12-13 10:51 - 2013-06-21 13:57 - 00001417 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-13 10:40 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-13 10:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-13 09:30 - 2009-12-10 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-13 09:30 - 2009-12-10 18:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-13 09:29 - 2012-10-04 14:20 - 00000000 ____D () C:\Temp
2014-12-13 08:46 - 2010-08-13 20:48 - 02932736 ___SH () C:\Users\Chris\Desktop\Thumbs.db
2014-12-13 08:42 - 2013-11-23 19:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-13 08:38 - 2010-03-09 21:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-13 08:37 - 2011-02-15 16:11 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
2014-12-13 08:11 - 2012-10-04 14:20 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-12-13 08:11 - 2009-12-09 23:21 - 00000000 ____D () C:\Windows\Panther
2014-12-13 08:11 - 2009-07-13 23:45 - 03056544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 07:24 - 2010-03-09 21:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-12-13 07:19 - 2013-12-24 14:12 - 00000000 ____D () C:\ProgramData\VSO
2014-12-13 07:19 - 2013-12-24 14:12 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-12-13 07:19 - 2009-12-30 21:00 - 00000055 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.log
2014-12-13 07:19 - 2009-12-30 20:59 - 00099384 _____ () C:\Users\Chris\AppData\Roaming\inst.exe
2014-12-13 07:19 - 2009-12-30 20:59 - 00082816 _____ (VSO Software) C:\Users\Chris\AppData\Roaming\pcouffin.sys
2014-12-13 07:19 - 2009-12-30 20:59 - 00007859 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.cat
2014-12-13 07:19 - 2009-12-30 20:59 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Vso
2014-12-13 07:15 - 2009-12-09 23:58 - 00115640 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 07:14 - 2010-08-17 13:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\SanDisk
2014-12-13 07:11 - 2010-01-09 09:33 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-12-13 07:10 - 2011-02-17 20:20 - 00000000 ____D () C:\Program Files\Tracker Software
2014-12-13 07:09 - 2013-11-10 08:30 - 00000000 ____D () C:\Users\Chris\Documents\Musicnotes
2014-12-13 07:09 - 2009-12-10 06:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-13 07:08 - 2012-11-23 15:30 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-12-13 07:08 - 2012-10-04 14:20 - 00000000 ____D () C:\ProgramData\Nero
2014-12-13 07:08 - 2012-10-04 14:19 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Motorola
2014-12-13 07:08 - 2010-07-16 20:47 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-12-13 06:58 - 2009-12-17 04:05 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-12-13 06:57 - 2012-06-11 18:53 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-12-13 06:56 - 2013-06-23 06:27 - 00000000 ____D () C:\AQi
2014-12-13 06:55 - 2009-12-10 21:46 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
2014-12-12 07:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-12-12 07:39 - 2011-08-04 15:08 - 00000000 ____D () C:\Windows\Minidump
2014-12-11 23:09 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-12-11 23:09 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-12-11 23:09 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2014-12-11 22:42 - 2014-04-02 15:57 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Orbit
2014-12-11 22:42 - 2012-11-30 09:16 - 00000000 ____D () C:\Program Files (x86)\Orbitdownloader
2014-12-11 22:42 - 2012-11-30 09:15 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Orbit
2014-12-11 22:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2014-12-11 20:10 - 2014-04-01 13:44 - 00000000 ____D () C:\Users\Kids\AppData\Local\Avg2013
2014-12-11 19:56 - 2014-02-14 16:20 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Search Protection
2014-12-11 19:46 - 2012-12-02 22:19 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-12-11 19:46 - 2010-03-01 18:43 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-12-11 19:46 - 2010-03-01 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-11 19:46 - 2010-03-01 18:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-10 20:06 - 2014-10-25 06:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 20:01 - 2014-08-04 05:54 - 00003256 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-12-10 20:01 - 2014-02-02 08:28 - 00000000 ____D () C:\Program Files (x86)\Samsung SSD Magician
2014-12-10 06:57 - 2014-05-08 22:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 06:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 22:45 - 2009-12-12 20:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 22:44 - 2013-08-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 22:40 - 2009-12-09 20:52 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 17:48 - 2013-06-21 15:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 17:48 - 2013-06-21 15:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 17:48 - 2013-06-21 15:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 17:31 - 2014-08-30 05:57 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-12-09 17:31 - 2013-07-11 13:27 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-12-07 08:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-06 07:44 - 2013-11-22 21:40 - 00949760 ___SH () C:\Users\Chris\Downloads\Thumbs.db
2014-11-30 08:15 - 2014-11-03 20:50 - 00000000 ____D () C:\Users\Chris\Desktop\2014_11_03
2014-11-29 14:26 - 2009-12-09 20:45 - 00000000 ____D () C:\Users\Chris
2014-11-24 14:44 - 2013-06-21 15:28 - 00000000 ____D () C:\Users\Chris\AppData\Local\Cisco
2014-11-23 19:21 - 2014-10-12 19:33 - 00000530 _____ () C:\Users\Kids\Desktop\Williams, Laurie L - Welcome.website
2014-11-21 17:35 - 2014-08-21 09:14 - 00000240 _____ () C:\Users\Kids\Desktop\Club Penguin  Waddle around and meet new friends.url
2014-11-21 08:10 - 2014-04-02 15:58 - 00000000 ____D () C:\Users\Kids\Desktop\Emilia's Folder
2014-11-21 06:14 - 2010-03-01 18:43 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 17:32 - 2014-04-05 14:23 - 00000000 ____D () C:\Users\Kids\Desktop\Microsoft Office
2014-11-16 19:39 - 2012-09-27 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foto-Mosaik-Edda
2014-11-16 19:39 - 2012-09-27 13:00 - 00000000 ____D () C:\Program Files (x86)\Foto-Mosaik-Edda
 
Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 00:28
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Chris at 2014-12-16 05:56:44
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}) (Version: 1.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS Sync (HKLM-x32\...\{488E9FD9-7C30-4120-8790-410F46F13CD6}) (Version: 1.0.97 - FutureDial Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4235 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.2.0.829 - AVG Technologies)
BeerSmith (HKLM-x32\...\BeerSmith) (Version:  - )
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04066 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{C0B165DC-F037-483F-B1C9-D89D91529CEB}) (Version: 11.0.150.5357 - Citrix Systems, Inc.)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Dropbox (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DVDFab 6.2.0.5 (11/11/2009) (HKLM-x32\...\DVDFab 6_is1) (Version:  - Fengtao Software Inc.)
DVDFab 8.1.9.8 (27/07/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters)
ffdshow v1.1.4096 [2011-11-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4096.0 - )
Foto-Mosaik-Edda Standard V6.8.14126.1 (HKLM-x32\...\{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1) (Version:  - Steffen Schirmer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LG VZW United Drivers (HKLM-x32\...\{FF712194-6643-4E4D-A340-2D447A644F75}) (Version: 2.16.1 - LG Electronics)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 (HKLM-x32\...\M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1) (Version: 1 - Softpointer Inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mazaika 3.7 (HKLM-x32\...\Mazaika_is1) (Version:  - Boris A. Glazer)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoConnect (HKLM-x32\...\{B4654A72-087B-49B5-BDCA-E4894400C524}) (Version: 1.1.29 - Motorola)
MSI Afterburner 2.2.3 (HKLM-x32\...\Afterburner) (Version: 2.2.3 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Computer (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\portal-12cd4d5@@XA5 Prod:My Computer) (Version: 1.0 - Delivered by Citrix)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Remote Desktop Connection (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\portal-12cd4d5@@XA5 Prod:Remote Desktop Connection) (Version: 1.0 - Delivered by Citrix)
Samsung Auto Backup (HKLM-x32\...\{821D6F49-1B20-4809-8C73-286CFC52B1B1}) (Version: 4.1.371.0 - Clarus)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SecretZone (HKLM-x32\...\{66491E5A-7899-4863-A2E9-057E10BCB578}) (Version: 2.0 - Clarus)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WakeOne (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\portal-12cd4d5@@Hyperspace:WakeOne) (Version: 1.0 - Delivered by Citrix)
WFUBMC Intranet Apps (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\portal-12cd4d5@@XA5 Prod:WFUBMC Intranet Apps) (Version: 1.0 - Delivered by Citrix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
YTD Toolbar v10.3 (HKLM-x32\...\{DB3044F4-47BE-4104-8AED-D0B4038CCC80}) (Version: 10.3 - Spigot, Inc.) <==== ATTENTION
Zan Image Printer 5.0 (HKLM\...\zvprt50) (Version:  - )
ZD Manager (HKLM-x32\...\ZDManager) (Version:  - Zendeals)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {056EE872-E470-4C84-B2F2-F220401BBBED} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {08CF2507-F4AC-4D6B-A548-525A8B11A3AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {0B1486F2-ABB1-44FF-ABBE-B8F650DDA37D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {0CCCD7A3-1ACC-4AE1-8AD4-ADFCD53F2843} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {0E3ACCDE-D1CA-4DC4-848D-F9420E26BCD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {1860CE0D-121E-47BE-BCB1-4BBABB9D34F8} - System32\Tasks\{A63C80F9-5D8B-4B47-AB88-BA152EF04702} => C:\Users\Chris\Desktop\AFU236U.exe
Task: {1B8EFB11-098E-4762-8E04-6652B37DCA07} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-14] (Microsoft Corporation)
Task: {24322407-DCDB-4B42-B398-22B4971C15EE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {2CA0166D-FB83-41F4-99D2-A6920599317C} - System32\Tasks\{F7D7DD1A-B878-45D4-86BB-01DBF4F346E5} => D:\MS Office 2007 Pro Plus & Expression Web.exe
Task: {31F9F848-C01A-4BF6-AA06-0C523AC7E02A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {368E04F2-1EC0-4EDF-82F1-0D4E4DBB037F} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe
Task: {3AFC7EEA-F208-4D49-8017-0BD689CDAB23} - System32\Tasks\{78F6FE58-338E-492F-9500-57D5630A45AD} => C:\Users\Chris\Desktop\AFU236U.exe
Task: {4C6D6891-2B84-4BB7-AB9A-C1DA52ED4798} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {5B1DFF8C-6D2D-4039-9DE9-4048F05E053A} - System32\Tasks\{9E86D9FE-32C3-4EFF-AAE1-885FA17CCBCE} => D:\Setup.exe
Task: {6A89EA2B-DD80-4DD9-81FD-17B988D73F13} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8E8753CB-55D0-42AA-8115-512B90D4FFD5} - System32\Tasks\{8F71403E-A311-41B7-88A3-42CE41DC66E2} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -d C:\Windows\SysWOW64 -c /AppMode=DOWNLOADMANAGER /VersionUpgrade /OldLicenseKey=4UVK2-ALYMF-SLKLU-AZ2UB-6GOKB-J
Task: {B2003092-516A-477B-9771-39C44F1E3096} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {BA84B4AD-44D2-46F3-93F3-060582E92DB5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-14] (Microsoft Corporation)
Task: {C2C43002-056D-4FDF-BF2B-5260918CE0DF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C6964F5C-53B3-48C7-BECD-6EA75136E921} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-14] (Microsoft Corporation)
Task: {C86B66DD-1DBD-4274-B2C4-BE55973798D1} - System32\Tasks\{35D5BF89-213A-4ECE-8AF6-F1150F9EF7A3} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {CC1B1CF8-8760-4610-A5FE-691301D337D9} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-03-01] (Futuredial Inc.)
Task: {CE9D5746-CFDD-4EDE-8B83-A147E99AE44D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {D94EBB44-FEB1-494C-910B-BEDA5FA32B66} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desktop-Chris Desktop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-14] (Microsoft Corporation)
Task: {DC505F15-F396-4722-B7D2-88E691506ECB} - System32\Tasks\{EA3FB5D0-37B9-4784-B74D-763E4F35FBFE} => C:\Users\Chris\Desktop\Vista\AsusSetup.exe
Task: {E9A48A78-835E-4BBF-A2C0-79931709DF8E} - System32\Tasks\{D01E15C5-FD40-4A57-83C7-B1B37AC81274} => pcalua.exe -a C:\Users\Chris\Desktop\Vista\Setup.exe -d C:\Users\Chris\Desktop\Vista
Task: {EF8E15FC-6678-4C21-9861-13DCF76C53AA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {F05BC4E9-5FA3-4C96-B27E-5CB75E0F428D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {F9458954-4640-4094-A7B1-66A97ED1A46E} - System32\Tasks\{809C9427-4534-43E2-B052-DD12B224511E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {FF3A93E1-FB1D-44A9-88F4-D96018B3C028} - System32\Tasks\{BA922071-AA89-464C-B277-C57A12AACA2F} => C:\Users\Chris\Desktop\AFU236U.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-11-19 11:20 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-14 07:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-12-15 22:19 - 2009-05-12 21:00 - 00102400 _____ () C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe
2014-12-09 17:31 - 2014-12-09 17:31 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-11-14 07:36 - 2014-11-14 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-12-12 12:07 - 2009-08-16 17:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2013-08-30 17:11 - 2013-08-30 17:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\kpcengine.2.3.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2009-12-15 22:19 - 2009-05-12 21:00 - 00282624 _____ () C:\Program Files (x86)\Clarus\Samsung SecretZone\MSMgrSDK.dll
2009-12-15 22:19 - 2009-05-11 20:39 - 00106496 _____ () C:\Program Files (x86)\Clarus\Samsung SecretZone\MSUtilSdk.dll
2009-12-15 22:19 - 2009-05-11 20:39 - 00528384 _____ () C:\Program Files (x86)\Clarus\Samsung SecretZone\MSMgrSDK.EN
2014-12-13 07:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-13 07:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-13 07:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-09 17:31 - 2014-12-09 17:31 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2014-09-24 18:42 - 2014-09-24 18:42 - 00081056 _____ () C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-02-02 08:28 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
2014-11-14 07:32 - 2014-11-14 07:36 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-09-24 18:42 - 2014-09-24 18:42 - 00081056 _____ () C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-11-14 07:32 - 2014-11-14 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-12-13 08:38 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 08:38 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 08:38 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 08:38 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2012-12-12 14:31 - 2012-12-12 14:31 - 00012336 _____ () C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00516599 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\sqlite3.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00094208 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\fdHttpd.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00356352 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDetect.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDetectLegend.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00559244 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\sqlite3.7.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00139264 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDisk.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: DeviceMonitorService => 2
MSCONFIG\Services: IntuitUpdateService => 2
MSCONFIG\Services: Media Center 18 Service => 3
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: ZDManager Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Users\Chris\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2526012750-3186116482-2568347101-500 - Administrator - Disabled)
Chris (S-1-5-21-2526012750-3186116482-2568347101-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-2526012750-3186116482-2568347101-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2526012750-3186116482-2568347101-1004 - Limited - Enabled)
Kids (S-1-5-21-2526012750-3186116482-2568347101-1005 - Limited - Enabled) => C:\Users\Kids
UpdatusUser (S-1-5-21-2526012750-3186116482-2568347101-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/16/2014 05:51:44 AM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002
 
Error: (12/16/2014 05:51:43 AM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: FF2E14
 
Error: (12/16/2014 05:51:15 AM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002
 
Error: (12/16/2014 05:51:14 AM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: FF2E14
 
Error: (12/15/2014 07:50:41 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002
 
Error: (12/15/2014 07:50:41 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: 92E14
 
Error: (12/15/2014 06:57:30 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002
 
Error: (12/15/2014 06:57:29 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: 362E14
 
Error: (12/15/2014 06:57:00 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure. Step: FamilySafetyServiceFactory initialization. Error code: 80070002
 
Error: (12/15/2014 06:56:59 PM) (Source: Family Safety Service) (EventID: 0) (User: )
Description: Startup failure: Open driver handle. Error code: DF2E14
 
 
System errors:
=============
Error: (12/16/2014 05:51:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Live Family Safety Service service terminated with the following error: 
%%-2147024894
 
Error: (12/16/2014 05:51:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (12/16/2014 05:51:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Live Family Safety Service service terminated with the following error: 
%%-2147024894
 
Error: (12/15/2014 07:50:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Live Family Safety Service service terminated with the following error: 
%%-2147024894
 
Error: (12/15/2014 06:57:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Live Family Safety Service service terminated with the following error: 
%%-2147024894
 
Error: (12/15/2014 06:57:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Live Family Safety Service service terminated with the following error: 
%%-2147024894
 
Error: (12/15/2014 06:56:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Live Family Safety Service service terminated with the following error: 
%%-2147024894
 
Error: (12/15/2014 06:56:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Live Family Safety Service service terminated with the following error: 
%%-2147024894
 
Error: (12/15/2014 06:55:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Live Family Safety Service service terminated with the following error: 
%%-2147024894
 
Error: (12/15/2014 06:55:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9A027D9F-AE6D-4116-AE94-BAB878D7EE47}
 
 
Microsoft Office Sessions:
=========================
Error: (05/11/2014 04:38:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/27/2011 04:39:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/17/2010 06:56:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/12/2009 10:05:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 105 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-15 16:49:36.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 16:49:36.227
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 16:49:35.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 16:49:35.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 16:49:35.478
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 16:49:35.400
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 16:49:08.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 16:49:08.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 15:09:41.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 15:09:41.101
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 41%
Total physical RAM: 4095.12 MB
Available physical RAM: 2392.18 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 4945.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:21.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Storage) (Fixed) (Total:465.76 GB) (Free:87.94 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:1396.92 GB) (Free:467.95 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: F1A51924)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: 2F595C24)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=0C)
 
==================== End Of Log ============================


#4
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Step#1 - Warnings
Too Many Antivirus Programs
You are currently running AVG 2013 and Kaspersky Anti-Virus. Having more than one running at the same time is not a good idea as it can cause conflicts, crashes and performance issues. Please uninstall one of these programs and let me know which one you are keeping. As an FYI, AVG is up to version 2015. If you decide to keep AVG I'm going to recommend that you install the most current version but we can handle that once you are cleaned up.
 
Spybot Search & Destroy
I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.
immunize.JPG
 
CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
 

 

Step#2 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

 

AVG SafeGuard toolbar

Kaspersky Anti-Virus (either this or AVG)

AVG 2013 (either this or Kaspersky)

McAfee Security Scan Plus

Spybot - Search & Destroy (Optional)

YTD Toolbar v10.3

ZD Manager

 

 
Step#3 - Create Restore Point
1. Please click your start button, right-click on the Computer menu item and select Properties as shown below.

ComputerProperties.JPG
 
2. Click on the Advanced system settings link.
AdvancedSystemSettings.JPG
 
3. Click the System Protection tab and then click the Create button.
 
SystemProperties.JPG
 
4. You will be asked to provide a description. Please type G2G and click Create.
 
SystemProtection.JPG
 
5. You will get a message telling you when it's complete. Click Close on the message. Note: If you get any error message trying to create the restore point let me know and don't continue.
 
 
Step#4 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file and save it to the Desktop. Attached file: fixlist.txt (7.18KB)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 
Step#5 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
 
 
  
 
Items for your next post

1. Which Antivirus did you decide to keep?
2. FRST Fix log
3. AdwCleaner log
4. Let me know how your machine is after this?



#5
EMLMOL


    New Member

  • Topic Starter
  • Member
  • 8 posts

Thank you for the clear instructions!

 

I was able to follow all instructions but could not uninstall YTD toolbar. Here are the errors it gave me:

YTD not uninstalling.PNG

YTD not uninstalling 2.PNG

 

1. Which Antivirus did you decide to keep?
-I kept AVG Free edition and updated it to 2015. Got rid of Kaspersky.

2. FRST Fix log

-See below
3. AdwCleaner log

-See below
4. Let me know how your machine is after this?

-So far I have not seen the popup error. Only been on it for 5 min since doing the above.

 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Chris at 2014-12-16 20:30:50 Run:1
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris & UpdatusUser (Available profiles: Chris & UpdatusUser & Kids)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\RunOnce: [Adobe Speed Launcher] => 1418680399
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {1825dfb8-901b-11df-ac7a-001bfcdb2b00} - F:\setup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {1a642ce1-fa1b-11e2-a7cc-001bfcdb2b00} - H:\KDMElite.exe
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {2ff0a168-70b4-11e4-bba4-001bfcdb2b00} - H:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {40be6538-fd3f-11de-bc3d-001bfcdb2b00} - E:\Autoplay.exe -auto
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {8ec01e68-0b46-11e4-90c1-001bfcdb2b00} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {d39a215e-12aa-11e2-9a43-001bfcdb2b00} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {f68261b2-e74c-11de-bc75-001bfcdb2b00} - F:\SETUP.EXE
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\RunOnce: [Adobe Speed Launcher] => 1418684812
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\MountPoints2: {2ff0a168-70b4-11e4-bba4-001bfcdb2b00} - H:\VerizonSWUpgradeAssistantLauncher.exe
GroupPolicyUsers\S-1-5-21-2526012750-3186116482-2568347101-1005\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {5C64BA7A-11B0-4609-B099-C4FC0DA8D856} URL = http://search.avg.co...}&ychte=us&nt=1
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={137244B2-7857-4E68-9CF5-46DD514DE27F}&mid=25e551794be5d82260c1c81e1e4b42aa-268e993bd84c66e058eb84a7569d70ada5bb6563&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-02-05 21:32:45&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={137244B2-7857-4E68-9CF5-46DD514DE27F}&mid=25e551794be5d82260c1c81e1e4b42aa-268e993bd84c66e058eb84a7569d70ada5bb6563&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-02-05 21:32:45&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms} 
BHO-x32: ZD Manager IE Plugin -> {18D6D197-45BB-465B-ADC0-274A70B49B55} -> C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll ()
C:\Program Files (x86)\ZD Systems
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found] 
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found] 
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1806872 2014-12-09] (AVG Secure Search)
S4 ZDManager Service; C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [176640 2012-11-07] () [File not signed]
U3 aq763zn8; C:\Windows\System32\Drivers\aq763zn8.sys [0 ] (Microsoft Corporation)
C:\Windows\System32\Drivers\aq763zn8.sys
2014-12-15 16:53 - 2014-12-15 16:53 - 00000000 ____D () C:\Users\Chris\AppData\Local\{982048E2-F993-44D8-B18F-A8FBDA99067E}
2014-12-05 08:29 - 2014-12-05 08:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\{6D03B67E-B190-4D63-909C-23B037963DAF}
2014-11-29 14:21 - 2014-11-29 14:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\{F90F4DEB-195B-453B-817C-C3825431B3D0}
2014-11-25 16:55 - 2014-11-25 16:55 - 00000000 ____D () C:\Users\Chris\AppData\Local\{37A3466C-5BD0-4F27-B793-690772C0A43F}
2014-12-13 07:19 - 2013-12-24 14:12 - 00000000 ____D () C:\ProgramData\VSO
2014-12-13 07:19 - 2013-12-24 14:12 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-12-13 07:19 - 2009-12-30 21:00 - 00000055 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.log
2014-12-13 07:19 - 2009-12-30 20:59 - 00099384 _____ () C:\Users\Chris\AppData\Roaming\inst.exe
2014-12-13 07:19 - 2009-12-30 20:59 - 00082816 _____ (VSO Software) C:\Users\Chris\AppData\Roaming\pcouffin.sys
2014-12-13 07:19 - 2009-12-30 20:59 - 00007859 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.cat
2014-12-13 07:19 - 2009-12-30 20:59 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Vso
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
C:\Program Files (x86)\AVG SafeGuard toolbar
2014-12-13 06:55 - 2009-12-10 21:46 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 => Group Policy Restriction on software not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 => Group Policy Restriction on software not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1825dfb8-901b-11df-ac7a-001bfcdb2b00}" => Key deleted successfully.
"HKCR\CLSID\{1825dfb8-901b-11df-ac7a-001bfcdb2b00}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a642ce1-fa1b-11e2-a7cc-001bfcdb2b00}" => Key deleted successfully.
"HKCR\CLSID\{1a642ce1-fa1b-11e2-a7cc-001bfcdb2b00}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ff0a168-70b4-11e4-bba4-001bfcdb2b00}" => Key deleted successfully.
"HKCR\CLSID\{2ff0a168-70b4-11e4-bba4-001bfcdb2b00}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40be6538-fd3f-11de-bc3d-001bfcdb2b00}" => Key deleted successfully.
"HKCR\CLSID\{40be6538-fd3f-11de-bc3d-001bfcdb2b00}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ec01e68-0b46-11e4-90c1-001bfcdb2b00}" => Key deleted successfully.
"HKCR\CLSID\{8ec01e68-0b46-11e4-90c1-001bfcdb2b00}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d39a215e-12aa-11e2-9a43-001bfcdb2b00}" => Key deleted successfully.
"HKCR\CLSID\{d39a215e-12aa-11e2-9a43-001bfcdb2b00}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f68261b2-e74c-11de-bc75-001bfcdb2b00}" => Key deleted successfully.
"HKCR\CLSID\{f68261b2-e74c-11de-bc75-001bfcdb2b00}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => Value not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ff0a168-70b4-11e4-bba4-001bfcdb2b00}" => Key not found.
"HKCR\CLSID\{2ff0a168-70b4-11e4-bba4-001bfcdb2b00}" => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2526012750-3186116482-2568347101-1005\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C64BA7A-11B0-4609-B099-C4FC0DA8D856}" => Key deleted successfully.
"HKCR\CLSID\{5C64BA7A-11B0-4609-B099-C4FC0DA8D856}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18D6D197-45BB-465B-ADC0-274A70B49B55}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{18D6D197-45BB-465B-ADC0-274A70B49B55}" => Key deleted successfully.
"C:\Program Files (x86)\ZD Systems" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
"HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
"HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value deleted successfully.
"HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" => Key not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key not found.
McComponentHostService => Service not found.
vToolbarUpdater18.2.0 => Service not found.
ZDManager Service => Service not found.
aq763zn8 => Service not found.
"C:\Windows\System32\Drivers\aq763zn8.sys" => File/Directory not found.
C:\Users\Chris\AppData\Local\{982048E2-F993-44D8-B18F-A8FBDA99067E} => Moved successfully.
C:\Users\Chris\AppData\Local\{6D03B67E-B190-4D63-909C-23B037963DAF} => Moved successfully.
C:\Users\Chris\AppData\Local\{F90F4DEB-195B-453B-817C-C3825431B3D0} => Moved successfully.
C:\Users\Chris\AppData\Local\{37A3466C-5BD0-4F27-B793-690772C0A43F} => Moved successfully.
C:\ProgramData\VSO => Moved successfully.
C:\Program Files (x86)\VSO => Moved successfully.
C:\Users\Chris\AppData\Roaming\pcouffin.log => Moved successfully.
C:\Users\Chris\AppData\Roaming\inst.exe => Moved successfully.
C:\Users\Chris\AppData\Roaming\pcouffin.sys => Moved successfully.
C:\Users\Chris\AppData\Roaming\pcouffin.cat => Moved successfully.
C:\Users\Chris\AppData\Roaming\Vso => Moved successfully.
"HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
C:\Users\Chris\AppData\Roaming\uTorrent => Moved successfully.
EmptyTemp: => Removed 3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
# AdwCleaner v4.105 - Report created 16/12/2014 at 20:42:09
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Chris - DESKTOP
# Running from : C:\Users\Chris\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\orbitdownloader
Folder Deleted : C:\Program Files (x86)\YTD Toolbar
Folder Deleted : C:\Users\Chris\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Chris\AppData\Roaming\GrabPro
Folder Deleted : C:\Users\Chris\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Kids\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [5606 octets] - [16/12/2014 20:39:25]
AdwCleaner[S0].txt - [5460 octets] - [16/12/2014 20:42:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5520 octets] ##########
 

 


#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Great news. We need to check and clean up a few more things. I'll be back to you with some instructions tomorrow.


#7
EMLMOL

    New Member

  • Topic Starter
  • Member
  • 8 posts

Thanks!


#8
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK a few more things to do. Please follow the instructions below.

 

Step#1 - Kaspersky Manual Removal Tool

Antivirus programs are notorious for leaving remnants around after uninstalling from Add/Remove programs. To ensure there will be no conflicts, please download the manual removal tool to your desktop. Go ahead and run this tool and reboot if prompted. If nothing is detected that's fine. Information on the tool's use can be found here. You can delete the kavremover.exe and associated log (name will start with kavremvr) once you are done running it.

 

 

Step#2 - JRT
 
Note: Please disable your Antivirus Software before doing this step. Info on how to do this is here.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start the scan.
6. On completion of the scan click "Save log", save it to your desktop and post it in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#4 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste the log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
  
 
Items for your next post

1. JRT Log
2. Rootkit Scan log
3. FRST and Addition logs

 


#9
EMLMOL

    New Member

  • Topic Starter
  • Member
  • 8 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Chris on Wed 12/17/2014 at 19:07:55.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_B6E98F02-0C1B4990.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-02747EB8.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/17/2014 at 19:12:20.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-17 19:18:23
-----------------------------
19:18:23.323    OS Version: Windows x64 6.1.7601 Service Pack 1
19:18:23.323    Number of processors: 2 586 0xF0B
19:18:23.323    ComputerName: DESKTOP  UserName: Chris
19:18:23.651    Initialize success
19:18:23.729    VM: initialized successfully
19:18:23.729    VM: Intel CPU supported 
19:18:27.332    VM: disk I/O atapi.sys
19:20:48.351    AVAST engine defs: 14121701
19:20:59.364    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-2
19:20:59.364    Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 122104MB BusType: 3
19:20:59.364    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-3
19:20:59.364    Disk 1 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476940MB BusType: 3
19:20:59.364    Disk 0 MBR read successfully
19:20:59.364    Disk 0 MBR scan
19:20:59.380    Disk 0 Windows 7 default MBR code
19:20:59.380    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       122103 MB offset 2048
19:20:59.380    Disk 0 default boot code
19:20:59.395    Disk 0 scanning C:\Windows\system32\drivers
19:21:03.670    Service scanning
19:21:13.966    Modules scanning
19:21:13.966    Disk 0 trace - called modules:
19:21:13.966    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039ad2c0]<<spns.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:21:13.966    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004982060]
19:21:13.981    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004887520]
19:21:13.981    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-2[0xfffffa8004889060]
19:21:13.981    \Driver\atapi[0xfffffa800480fe70] -> IRP_MJ_CREATE -> 0xfffffa80039ad2c0
19:21:14.262    AVAST engine scan C:\Windows
19:21:15.869    AVAST engine scan C:\Windows\system32
19:23:20.232    AVAST engine scan C:\Windows\system32\drivers
19:23:24.459    AVAST engine scan C:\Users\Chris
19:26:48.636    AVAST engine scan C:\ProgramData
19:27:50.880    Disk 0 statistics 4509490/0/0 @ 12.22 MB/s
19:27:50.896    Scan finished successfully
19:28:20.754    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
19:28:20.754    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Chris (administrator) on DESKTOP on 17-12-2014 19:29:44
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris & UpdatusUser (Available profiles: Chris & UpdatusUser & Kids)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Futuredial Inc.) C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-03] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ASUS Sync Loader] => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [638976 2013-03-01] (Futuredial Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-25] (Google Inc.)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-17] (SUPERAntiSpyware)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [SkyDrive] => C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\RunOnce: [Adobe Speed Launcher] => 1418861821
AppInit_DLLs-x32: C:\Users\Chris\AppData\Local\Citrix\ICACLI~1\RSHook.dll => C:\Users\Chris\AppData\Local\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {7589BD12-FE0F-4692-AA5A-70BE5B34D729} URL = http://www.google.co...1I7GGHP_enUS472
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {8B4E5E9C-C0E4-4D04-81A2-489A6AA1F5FF} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {C0F162FE-A18F-48DA-985A-5EF8597DC60B} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Chris\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCE24BD5-5773-495A-8576-4ADE0BCA38B1}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Users\Chris\AppData\Local\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://radisnet.rad.wfubmc.edu/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-13]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-13]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-13]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-13]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-13]
CHR Extension: (Google Voice (by Google)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-12-15]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-13]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-13]
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Profile 13
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MSR Service; C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe [102400 2009-05-12] () [File not signed]
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
S2 NMSAccess; C:\AQi\bin\NMSAccess32.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-09] () [File not signed]
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [24576 2014-05-27] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2014-05-27] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-05-27] (LG Electronics Inc.)
U3 ayokll7v; C:\Windows\System32\Drivers\ayokll7v.sys [0 ] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U2 V2iMount; No ImagePath
U3 aswMBR; \??\C:\Users\Chris\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Chris\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 19:29 - 2014-12-17 19:29 - 00000000 ____D () C:\Users\Chris\Desktop\FRST-OlderVersion
2014-12-17 19:28 - 2014-12-17 19:28 - 00002383 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-12-17 19:28 - 2014-12-17 19:28 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-12-17 19:17 - 2014-12-17 19:18 - 05198336 _____ (AVAST Software) C:\Users\Chris\Desktop\aswMBR.exe
2014-12-17 19:12 - 2014-12-17 19:12 - 00010199 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-12-17 19:07 - 2014-12-17 19:07 - 01707646 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-12-17 19:07 - 2014-12-17 19:07 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 19:06 - 2014-12-17 19:06 - 00207819 _____ () C:\Users\Chris\Desktop\kavremvr 2014-12-17 19-06-16 (pid 6796).log
2014-12-17 19:04 - 2014-12-17 19:06 - 03592434 _____ () C:\Users\Chris\Desktop\kavremvr 2014-12-17 19-04-01 (pid 5124).log
2014-12-17 19:03 - 2014-12-17 19:03 - 07250624 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\kavremover.exe
2014-12-17 06:11 - 2014-12-17 06:11 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\AVG2015
2014-12-17 06:11 - 2014-12-17 06:11 - 00000000 ____D () C:\Users\Kids\AppData\Local\Avg2015
2014-12-16 20:37 - 2014-12-16 20:42 - 00000000 ____D () C:\AdwCleaner
2014-12-16 20:37 - 2014-12-16 20:37 - 02166272 _____ () C:\Users\Chris\Desktop\AdwCleaner.exe
2014-12-16 20:02 - 2014-12-16 20:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVG2015
2014-12-16 20:00 - 2014-12-16 20:00 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-16 19:59 - 2014-12-16 20:01 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-16 19:57 - 2014-12-16 20:02 - 00000000 ____D () C:\Users\Chris\AppData\Local\Avg2015
2014-12-16 05:56 - 2014-12-17 19:29 - 00029621 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-12-16 05:56 - 2014-12-16 05:57 - 00047898 _____ () C:\Users\Chris\Desktop\Addition.txt
2014-12-16 05:55 - 2014-12-17 19:29 - 00000000 ____D () C:\FRST
2014-12-16 05:54 - 2014-12-17 19:29 - 02121216 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-12-15 15:23 - 2014-12-15 15:23 - 00102142 _____ () C:\Users\Chris\Desktop\Extras.Txt
2014-12-15 15:21 - 2014-12-15 15:21 - 00149882 _____ () C:\Users\Chris\Desktop\OTL.Txt
2014-12-15 15:12 - 2014-12-15 15:12 - 00602112 _____ (OldTimer Tools) C:\Users\Chris\Desktop\OTL.exe
2014-12-14 07:53 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-14 07:53 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-14 07:48 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-14 07:48 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-14 07:47 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 11:13 - 2014-12-13 11:13 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\SUPERAntiSpyware.com
2014-12-13 11:12 - 2014-12-13 11:12 - 00002259 _____ () C:\Users\Kids\Desktop\Google Chrome.lnk
2014-12-13 11:12 - 2014-12-13 11:12 - 00000000 ____D () C:\Users\Kids\AppData\Local\NVIDIA
2014-12-13 10:51 - 2014-12-13 10:51 - 00000000 ____D () C:\Users\Chris\AppData\Local\NVIDIA
2014-12-13 10:51 - 2014-12-13 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-13 09:44 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-13 09:44 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-13 09:44 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-13 09:44 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-13 09:43 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-13 09:43 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-13 09:43 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-13 09:43 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-13 09:43 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-13 09:43 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-13 09:43 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-13 09:43 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-13 09:43 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-13 09:43 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-13 09:43 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-13 09:43 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-13 09:41 - 2014-12-13 09:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 09:41 - 2014-12-13 09:41 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 09:41 - 2014-12-13 09:41 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-13 09:41 - 2014-12-13 09:41 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-13 09:41 - 2014-12-13 09:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-13 09:41 - 2014-12-13 09:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-13 09:41 - 2014-12-13 09:41 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-13 09:41 - 2014-12-13 09:41 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-13 09:41 - 2014-12-13 09:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-13 09:41 - 2014-12-13 09:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-13 09:41 - 2014-12-13 09:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-13 09:41 - 2014-12-13 09:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 09:36 - 2014-12-13 09:43 - 00007657 _____ () C:\Windows\IE11_main.log
2014-12-13 09:34 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-13 09:34 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-13 09:34 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-13 09:34 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-13 09:30 - 2014-12-13 09:34 - 00003397 _____ () C:\Windows\IE9_main.log
2014-12-13 09:29 - 2014-07-02 12:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-13 09:29 - 2014-07-02 05:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-13 08:56 - 2014-12-13 08:56 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-13 08:56 - 2014-12-13 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-13 08:48 - 2012-05-04 18:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-12-13 08:48 - 2012-05-04 18:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-12-13 08:41 - 2014-12-13 08:41 - 00000000 ____D () C:\Program Files\Java
2014-12-13 08:39 - 2014-12-13 08:41 - 92658088 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jre-8u25-windows-x64.exe
2014-12-13 08:38 - 2014-12-13 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-13 07:28 - 2014-12-13 07:28 - 00000000 ____D () C:\SUPERDelete
2014-12-13 07:19 - 2014-12-13 07:19 - 00000000 ____D () C:\Users\Chris\Documents\PcSetup
2014-12-13 07:17 - 2014-12-13 07:17 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-13 07:16 - 2014-12-16 20:06 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-13 07:16 - 2014-12-16 19:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-13 07:11 - 2014-12-17 19:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-13 07:11 - 2014-12-13 07:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-13 07:11 - 2014-12-13 07:11 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-12-13 07:11 - 2014-12-13 07:11 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2014-12-13 07:11 - 2014-12-13 07:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-13 07:04 - 2014-12-13 07:04 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\J River
2014-12-13 07:03 - 2014-12-13 07:04 - 20686424 _____ (SUPERAntiSpyware) C:\Users\Chris\Downloads\SUPERAntiSpyware.exe
2014-12-13 06:52 - 2014-12-15 16:44 - 00000000 ____D () C:\Windows\pss
2014-12-12 18:02 - 2014-12-17 19:20 - 00503850 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 17:59 - 2014-12-17 19:16 - 00001176 _____ () C:\Windows\setupact.log
2014-12-12 17:59 - 2014-12-12 17:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-12 07:49 - 2014-12-17 19:16 - 00115502 _____ () C:\Windows\PFRO.log
2014-12-11 22:49 - 2014-12-16 20:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-11 19:47 - 2014-12-12 18:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 19:46 - 2014-12-11 19:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 19:46 - 2014-12-11 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-11 19:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 19:46 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-10 20:00 - 2014-12-10 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
2014-12-10 19:27 - 2014-12-10 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-10 19:26 - 2014-12-10 19:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-10 19:26 - 2014-12-10 19:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 06:57 - 2014-12-10 06:57 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 22:38 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 22:38 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 22:38 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-09 22:38 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-09 22:38 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-09 22:38 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-09 22:38 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-09 22:38 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-09 22:38 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-09 22:38 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 17:30 - 2014-12-09 17:30 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
2014-12-09 13:30 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 13:30 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 13:30 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 13:30 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 13:30 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 13:30 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 13:30 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 13:29 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 13:29 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 13:29 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 13:29 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 13:29 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 13:29 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 13:29 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 13:29 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 13:29 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 13:29 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 13:29 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 13:29 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 13:29 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 13:29 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 14:36 - 2014-02-10 12:04 - 00430080 _____ (Farbar) C:\Windows\mod_frst.exe
2014-12-06 07:41 - 2014-12-06 08:45 - 00000000 ____D () C:\Users\Chris\Desktop\Child Care
2014-12-03 22:06 - 2014-12-03 22:06 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieBrowserModeList
2014-12-03 21:57 - 2014-11-07 13:39 - 00000000 ____D () C:\Users\Chris\Desktop\mricrogl
2014-11-21 08:26 - 2014-11-21 08:26 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-11-21 08:26 - 2014-11-21 08:26 - 00000000 ____D () C:\LGMobileUpgrade
2014-11-20 17:36 - 2014-12-08 18:45 - 00000799 _____ () C:\Users\Kids\Desktop\▶ 3 Hours of Christmas Music Classics and Holiday Scenery - YouTube.website
2014-11-20 10:00 - 2014-11-20 10:00 - 00001176 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remote Desktop Connection.lnk
2014-11-20 10:00 - 2014-11-20 10:00 - 00001151 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WFUBMC Intranet Apps.lnk
2014-11-20 07:51 - 2014-11-20 07:52 - 00004625 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-20 00:55 - 2014-12-16 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-18 16:50 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:50 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:50 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:50 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 19:24 - 2012-02-25 12:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 19:23 - 2009-07-13 23:45 - 00025232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 19:23 - 2009-07-13 23:45 - 00025232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 19:20 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 19:17 - 2013-10-30 04:44 - 00000000 ___RD () C:\Users\Chris\SkyDrive
2014-12-17 19:17 - 2009-12-13 08:56 - 00000000 ____D () C:\Users\Chris\Tracing
2014-12-17 19:16 - 2012-02-25 12:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 19:16 - 2009-12-10 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-17 19:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 19:07 - 2010-01-14 20:40 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C149FD5-FBFB-41B9-BAEC-1FE8FC89AEEB}
2014-12-17 19:00 - 2014-06-14 06:18 - 00000535 _____ () C:\Users\Kids\Desktop\Netflix.website
2014-12-17 18:48 - 2013-06-21 15:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 17:49 - 2010-10-12 18:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-17 07:01 - 2014-10-12 19:33 - 00000530 _____ () C:\Users\Kids\Desktop\Williams, Laurie L - Welcome.website
2014-12-17 06:11 - 2014-04-01 13:43 - 00000278 __RSH () C:\Users\Kids\ntuser.pol
2014-12-17 06:11 - 2014-04-01 13:43 - 00000000 ____D () C:\Users\Kids
2014-12-16 20:36 - 2014-04-01 17:55 - 00000008 __RSH () C:\Users\Chris\ntuser.pol
2014-12-16 20:36 - 2010-08-13 20:48 - 02962944 ___SH () C:\Users\Chris\Desktop\Thumbs.db
2014-12-16 20:36 - 2009-12-09 20:45 - 00000000 ____D () C:\Users\Chris
2014-12-16 20:32 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-16 20:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-16 20:18 - 2013-06-23 06:27 - 00000000 ____D () C:\Program Files\zvprt50
2014-12-16 20:06 - 2013-07-11 13:26 - 00000000 ____D () C:\ProgramData\AVG2013
2014-12-16 20:02 - 2009-12-09 23:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-15 18:06 - 2014-04-01 13:44 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Adobe
2014-12-15 14:48 - 2011-07-05 08:47 - 00007601 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2014-12-15 14:15 - 2012-09-27 06:02 - 00004096 ___SH () C:\VSNAP.IDX
2014-12-15 14:14 - 2009-12-13 09:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-12-14 08:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 11:14 - 2014-04-03 07:07 - 00115640 _____ () C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 11:12 - 2014-04-02 15:56 - 00000000 ____D () C:\Users\Kids\AppData\Local\Google
2014-12-13 10:51 - 2013-06-21 13:57 - 00001417 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-13 10:40 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-13 10:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-13 09:30 - 2009-12-10 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-13 09:30 - 2009-12-10 18:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-13 09:29 - 2012-10-04 14:20 - 00000000 ____D () C:\Temp
2014-12-13 08:42 - 2013-11-23 19:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-13 08:38 - 2010-03-09 21:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-13 08:37 - 2011-02-15 16:11 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
2014-12-13 08:11 - 2012-10-04 14:20 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-12-13 08:11 - 2009-12-09 23:21 - 00000000 ____D () C:\Windows\Panther
2014-12-13 08:11 - 2009-07-13 23:45 - 03056544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 07:24 - 2010-03-09 21:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-12-13 07:15 - 2009-12-09 23:58 - 00115640 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 07:14 - 2010-08-17 13:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\SanDisk
2014-12-13 07:11 - 2010-01-09 09:33 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-12-13 07:10 - 2011-02-17 20:20 - 00000000 ____D () C:\Program Files\Tracker Software
2014-12-13 07:09 - 2013-11-10 08:30 - 00000000 ____D () C:\Users\Chris\Documents\Musicnotes
2014-12-13 07:09 - 2009-12-10 06:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-13 07:08 - 2012-11-23 15:30 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-12-13 07:08 - 2012-10-04 14:20 - 00000000 ____D () C:\ProgramData\Nero
2014-12-13 07:08 - 2012-10-04 14:19 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Motorola
2014-12-13 07:08 - 2010-07-16 20:47 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-12-13 06:58 - 2009-12-17 04:05 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-12-13 06:57 - 2012-06-11 18:53 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-12-13 06:56 - 2013-06-23 06:27 - 00000000 ____D () C:\AQi
2014-12-12 07:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-12-12 07:39 - 2011-08-04 15:08 - 00000000 ____D () C:\Windows\Minidump
2014-12-11 22:42 - 2014-04-02 15:57 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Orbit
2014-12-11 22:42 - 2012-11-30 09:15 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Orbit
2014-12-11 22:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2014-12-11 19:46 - 2012-12-02 22:19 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-12-11 19:46 - 2010-03-01 18:43 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-12-11 19:46 - 2010-03-01 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-11 19:46 - 2010-03-01 18:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-10 20:06 - 2014-10-25 06:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 20:01 - 2014-08-04 05:54 - 00003256 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-12-10 20:01 - 2014-02-02 08:28 - 00000000 ____D () C:\Program Files (x86)\Samsung SSD Magician
2014-12-10 06:57 - 2014-05-08 22:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 06:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 22:45 - 2009-12-12 20:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 22:44 - 2013-08-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 22:40 - 2009-12-09 20:52 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 17:48 - 2013-06-21 15:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 17:48 - 2013-06-21 15:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 17:48 - 2013-06-21 15:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-07 08:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-06 07:44 - 2013-11-22 21:40 - 00949760 ___SH () C:\Users\Chris\Downloads\Thumbs.db
2014-11-30 08:15 - 2014-11-03 20:50 - 00000000 ____D () C:\Users\Chris\Desktop\2014_11_03
2014-11-24 14:44 - 2013-06-21 15:28 - 00000000 ____D () C:\Users\Chris\AppData\Local\Cisco
2014-11-21 17:35 - 2014-08-21 09:14 - 00000240 _____ () C:\Users\Kids\Desktop\Club Penguin  Waddle around and meet new friends.url
2014-11-21 08:10 - 2014-04-02 15:58 - 00000000 ____D () C:\Users\Kids\Desktop\Emilia's Folder
2014-11-21 06:14 - 2010-03-01 18:43 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 17:32 - 2014-04-05 14:23 - 00000000 ____D () C:\Users\Kids\Desktop\Microsoft Office
 
Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 00:28
 
==================== End Of Log ============================
 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Chris at 2014-12-17 19:30:19
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}) (Version: 1.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS Sync (HKLM-x32\...\{488E9FD9-7C30-4120-8790-410F46F13CD6}) (Version: 1.0.97 - FutureDial Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
BeerSmith (HKLM-x32\...\BeerSmith) (Version:  - )
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04066 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{C0B165DC-F037-483F-B1C9-D89D91529CEB}) (Version: 11.0.150.5357 - Citrix Systems, Inc.)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Dropbox (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DVDFab 6.2.0.5 (11/11/2009) (HKLM-x32\...\DVDFab 6_is1) (Version:  - Fengtao Software Inc.)
DVDFab 8.1.9.8 (27/07/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters)
ffdshow v1.1.4096 [2011-11-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4096.0 - )
Foto-Mosaik-Edda Standard V6.8.14126.1 (HKLM-x32\...\{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1) (Version:  - Steffen Schirmer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LG VZW United Drivers (HKLM-x32\...\{FF712194-6643-4E4D-A340-2D447A644F75}) (Version: 2.16.1 - LG Electronics)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 (HKLM-x32\...\M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1) (Version: 1 - Softpointer Inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mazaika 3.7 (HKLM-x32\...\Mazaika_is1) (Version:  - Boris A. Glazer)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoConnect (HKLM-x32\...\{B4654A72-087B-49B5-BDCA-E4894400C524}) (Version: 1.1.29 - Motorola)
MSI Afterburner 2.2.3 (HKLM-x32\...\Afterburner) (Version: 2.2.3 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Computer (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\portal-12cd4d5@@XA5 Prod:My Computer) (Version: 1.0 - Delivered by Citrix)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Remote Desktop Connection (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\portal-12cd4d5@@XA5 Prod:Remote Desktop Connection) (Version: 1.0 - Delivered by Citrix)
Samsung Auto Backup (HKLM-x32\...\{821D6F49-1B20-4809-8C73-286CFC52B1B1}) (Version: 4.1.371.0 - Clarus)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SecretZone (HKLM-x32\...\{66491E5A-7899-4863-A2E9-057E10BCB578}) (Version: 2.0 - Clarus)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WakeOne (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\portal-12cd4d5@@Hyperspace:WakeOne) (Version: 1.0 - Delivered by Citrix)
WFUBMC Intranet Apps (HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\portal-12cd4d5@@XA5 Prod:WFUBMC Intranet Apps) (Version: 1.0 - Delivered by Citrix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
YTD Toolbar v10.3 (HKLM-x32\...\{DB3044F4-47BE-4104-8AED-D0B4038CCC80}) (Version: 10.3 - Spigot, Inc.) <==== ATTENTION
Zan Image Printer 5.0 (HKLM\...\zvprt50) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {056EE872-E470-4C84-B2F2-F220401BBBED} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {0B1486F2-ABB1-44FF-ABBE-B8F650DDA37D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {0CCCD7A3-1ACC-4AE1-8AD4-ADFCD53F2843} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {0E3ACCDE-D1CA-4DC4-848D-F9420E26BCD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {1860CE0D-121E-47BE-BCB1-4BBABB9D34F8} - System32\Tasks\{A63C80F9-5D8B-4B47-AB88-BA152EF04702} => C:\Users\Chris\Desktop\AFU236U.exe
Task: {1B8EFB11-098E-4762-8E04-6652B37DCA07} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-14] (Microsoft Corporation)
Task: {24322407-DCDB-4B42-B398-22B4971C15EE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {2CA0166D-FB83-41F4-99D2-A6920599317C} - System32\Tasks\{F7D7DD1A-B878-45D4-86BB-01DBF4F346E5} => D:\MS Office 2007 Pro Plus & Expression Web.exe
Task: {32E34C59-0BD0-4E8F-8384-CF338768994D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desktop-Kids Desktop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-14] (Microsoft Corporation)
Task: {368E04F2-1EC0-4EDF-82F1-0D4E4DBB037F} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe
Task: {3AFC7EEA-F208-4D49-8017-0BD689CDAB23} - System32\Tasks\{78F6FE58-338E-492F-9500-57D5630A45AD} => C:\Users\Chris\Desktop\AFU236U.exe
Task: {4C6D6891-2B84-4BB7-AB9A-C1DA52ED4798} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {5B1DFF8C-6D2D-4039-9DE9-4048F05E053A} - System32\Tasks\{9E86D9FE-32C3-4EFF-AAE1-885FA17CCBCE} => D:\Setup.exe
Task: {6A89EA2B-DD80-4DD9-81FD-17B988D73F13} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8E8753CB-55D0-42AA-8115-512B90D4FFD5} - System32\Tasks\{8F71403E-A311-41B7-88A3-42CE41DC66E2} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -d C:\Windows\SysWOW64 -c /AppMode=DOWNLOADMANAGER /VersionUpgrade /OldLicenseKey=4UVK2-ALYMF-SLKLU-AZ2UB-6GOKB-J
Task: {B2003092-516A-477B-9771-39C44F1E3096} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {BA84B4AD-44D2-46F3-93F3-060582E92DB5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-14] (Microsoft Corporation)
Task: {C6964F5C-53B3-48C7-BECD-6EA75136E921} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-14] (Microsoft Corporation)
Task: {C86B66DD-1DBD-4274-B2C4-BE55973798D1} - System32\Tasks\{35D5BF89-213A-4ECE-8AF6-F1150F9EF7A3} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {CC1B1CF8-8760-4610-A5FE-691301D337D9} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-03-01] (Futuredial Inc.)
Task: {CE9D5746-CFDD-4EDE-8B83-A147E99AE44D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {D94EBB44-FEB1-494C-910B-BEDA5FA32B66} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desktop-Chris Desktop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-14] (Microsoft Corporation)
Task: {DC505F15-F396-4722-B7D2-88E691506ECB} - System32\Tasks\{EA3FB5D0-37B9-4784-B74D-763E4F35FBFE} => C:\Users\Chris\Desktop\Vista\AsusSetup.exe
Task: {E9A48A78-835E-4BBF-A2C0-79931709DF8E} - System32\Tasks\{D01E15C5-FD40-4A57-83C7-B1B37AC81274} => pcalua.exe -a C:\Users\Chris\Desktop\Vista\Setup.exe -d C:\Users\Chris\Desktop\Vista
Task: {EF8E15FC-6678-4C21-9861-13DCF76C53AA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {F05BC4E9-5FA3-4C96-B27E-5CB75E0F428D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {F9458954-4640-4094-A7B1-66A97ED1A46E} - System32\Tasks\{809C9427-4534-43E2-B052-DD12B224511E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {FF3A93E1-FB1D-44A9-88F4-D96018B3C028} - System32\Tasks\{BA922071-AA89-464C-B277-C57A12AACA2F} => C:\Users\Chris\Desktop\AFU236U.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-11-19 11:20 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-14 07:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-12-15 22:19 - 2009-05-12 21:00 - 00102400 _____ () C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe
2014-11-14 07:36 - 2014-11-14 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2013-08-30 17:11 - 2013-08-30 17:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2009-12-15 22:19 - 2009-05-12 21:00 - 00282624 _____ () C:\Program Files (x86)\Clarus\Samsung SecretZone\MSMgrSDK.dll
2009-12-15 22:19 - 2009-05-11 20:39 - 00106496 _____ () C:\Program Files (x86)\Clarus\Samsung SecretZone\MSUtilSdk.dll
2009-12-15 22:19 - 2009-05-11 20:39 - 00528384 _____ () C:\Program Files (x86)\Clarus\Samsung SecretZone\MSMgrSDK.EN
2014-02-02 08:28 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
2014-09-24 18:42 - 2014-09-24 18:42 - 00081056 _____ () C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-09-24 18:42 - 2014-09-24 18:42 - 00081056 _____ () C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-11-14 07:32 - 2014-11-14 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-12-13 08:38 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 08:38 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00516599 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\sqlite3.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00094208 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\fdHttpd.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00356352 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDetect.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDetectLegend.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00559244 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\sqlite3.7.dll
2013-03-01 10:55 - 2013-03-01 10:55 - 00139264 _____ () C:\Program Files (x86)\ASUS\ASUS Sync\asusDisk.dll
2014-11-14 07:32 - 2014-11-14 07:36 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-14 07:31 - 2014-11-14 07:31 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-12-13 08:38 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 08:38 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: DeviceMonitorService => 2
MSCONFIG\Services: IntuitUpdateService => 2
MSCONFIG\Services: Media Center 18 Service => 3
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: ZDManager Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Users\Chris\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2526012750-3186116482-2568347101-500 - Administrator - Disabled)
Chris (S-1-5-21-2526012750-3186116482-2568347101-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-2526012750-3186116482-2568347101-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2526012750-3186116482-2568347101-1004 - Limited - Enabled)
Kids (S-1-5-21-2526012750-3186116482-2568347101-1005 - Limited - Enabled) => C:\Users\Kids
UpdatusUser (S-1-5-21-2526012750-3186116482-2568347101-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/17/2014 07:17:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/17/2014 07:17:07 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (12/17/2014 07:17:05 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (12/17/2014 07:17:02 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (12/17/2014 07:16:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mvd20 service failed to start due to the following error: 
%%1275
 
Error: (12/17/2014 07:16:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/17/2014 07:16:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/17/2014 07:16:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mvd20 service failed to start due to the following error: 
%%1275
 
Error: (12/17/2014 07:16:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mvd20 service failed to start due to the following error: 
%%1275
 
Error: (12/17/2014 07:16:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (05/11/2014 04:38:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/27/2011 04:39:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/17/2010 06:56:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/12/2009 10:05:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 105 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-17 19:16:48.555
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:48.477
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:48.227
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:48.149
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:47.931
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:47.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:47.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:47.447
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:38.742
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 19:16:38.664
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Clarus\Samsung SecretZone\mvd20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 55%
Total physical RAM: 4095.12 MB
Available physical RAM: 1841.08 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 5769.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:26.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Storage) (Fixed) (Total:465.76 GB) (Free:87.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: F1A51924)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Great job. Things are looking up. More to clean up. Please follow the instructions below.

 

 

Step#1 - FRST Registry Search
 
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the words YTD Toolbar into the Search box and click the Search Registry button.
 
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open, the file should be saved on your desktop named Search.txt.

 

Step#2 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (909 bytes)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - Malwarebytes Scan

I see that you have the most current version of Malwarebytes installed on your machine. Can you please do a scan, following the instructions below?

  • Open up Malwarebytes by double-clicking the icon on the desktop.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits.
  • Click the Scan button at the top of the form and then click Scan Now.
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
  • Then click the Copy to clipboard button and paste into your next post.

 

 

  

 

Items for your next post

1. Registry Search Results

2. FRST Fix Results

3. Malwarebytes log




#11
EMLMOL


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Chris at 2014-12-18 14:09:31
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
 
================== Search Registry: "YTD Toolbar" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4403BDEB744014A8DE0D4B30C8CC08]
"ProductName"="YTD Toolbar v10.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\Res\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\Res\Lang\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\IE\10.3\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1039F8C12A30A304D910F4156F6CB9D6]
"4F4403BDEB744014A8DE0D4B30C8CC08"="C:\Program Files (x86)\YTD Toolbar\IE\10.3\ytdToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
"4F4403BDEB744014A8DE0D4B30C8CC08"="C:\Program Files (x86)\YTD Toolbar\Res\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38FE02D4E14502B43B7E7F7DAEA50FF6]
"4F4403BDEB744014A8DE0D4B30C8CC08"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854D7616DD752AA439F2BD7B7AA4E253]
"4F4403BDEB744014A8DE0D4B30C8CC08"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C]
"4F4403BDEB744014A8DE0D4B30C8CC08"="C:\Program Files (x86)\YTD Toolbar\WidgiHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD1B33C4DAE26564DBAE2830EF3B9014]
"4F4403BDEB744014A8DE0D4B30C8CC08"="C:\Program Files (x86)\YTD Toolbar\Res\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4F4403BDEB744014A8DE0D4B30C8CC08\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4F4403BDEB744014A8DE0D4B30C8CC08\InstallProperties]
"DisplayName"="YTD Toolbar v10.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB3044F4-47BE-4104-8AED-D0B4038CCC80}]
"InstallLocation"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB3044F4-47BE-4104-8AED-D0B4038CCC80}]
"DisplayName"="YTD Toolbar v10.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
"installDir"="C:\Program Files (x86)\YTD Toolbar\"
 
====== End Of Search ======
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Chris at 2014-12-18 14:10:12 Run:2
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris & UpdatusUser (Available profiles: Chris & UpdatusUser & Kids)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
BootExecute: autocheck autochk * sdnclean64.exe
2014-12-13 07:17 - 2014-12-13 07:17 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-13 07:16 - 2014-12-16 20:06 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-13 07:16 - 2014-12-16 19:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-11 22:49 - 2014-12-16 20:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-16 20:06 - 2013-07-11 13:26 - 00000000 ____D () C:\ProgramData\AVG2013
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
File:C:\Windows\System32\Drivers\ayokll7v.sys
EmptyTemp:
 
 
*****************
 
Restore point was successfully created.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Windows\System32\Tasks\Safer-Networking => Moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\ProgramData\Kaspersky Lab => Moved successfully.
C:\ProgramData\AVG2013 => Moved successfully.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========================= File:C:\Windows\System32\Drivers\ayokll7v.sys ========================
 
MD5: 
Creation and modification date:  - 
Size: 0000000
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: atapi.sys
Original Name: atapi.sys
Product Name: Microsoft® Windows® Operating System
Description: ATAPI IDE Miniport Driver
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Version: 6.1.7600.16385
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End Of File: ======
 
EmptyTemp: => Removed 523.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/18/2014
Scan Time: 2:14:00 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.18.04
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420510
Time Elapsed: 11 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. We're almost done. Please follow the instructions below.
 
 
Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (1.96KB)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
 
Step#2 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
 
 
 
Step#3 - Panda Cloud Cleaner
 
1. Please download Panda Cloud Cleaner and save to your desktop. Alternate downloads are here and here.

2. Double-click on PandaCloudCleaner.exe >> when the Setup - Panda Cloud Cleaner window has loaded >> Next > >> Next >

3. Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan

4. Please be patient as the scan may take some time to complete depending on your system's specifications.

5. Once the scan has completed, if Scan finished with detections is denoted in the GUI, do not take any action and/or have Panda Cloud Cleaner clean absolutely anything!

6. Now within the GUI click on the >(or any of them if multiple) tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt

7. Save this to your desktop and post the contents in your next reply.

8. Then click on Back >> Exit

Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.

 

  

 

Items for your next post

1. FRST Fix log

2. Security Check Log

3. Panda Cleaner log



#13
EMLMOL


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Chris at 2014-12-19 18:14:49 Run:3
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris & UpdatusUser (Available profiles: Chris & UpdatusUser & Kids)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
reg: reg delete "HKLM\SOFTWARE\Classes\Installer\Products\4F4403BDEB744014A8DE0D4B30C8CC08" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\\" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\Res\\" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\Res\Lang\\" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\IE\10.3\\" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\IE\\" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1039F8C12A30A304D910F4156F6CB9D6" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38FE02D4E14502B43B7E7F7DAEA50FF6" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854D7616DD752AA439F2BD7B7AA4E253" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD1B33C4DAE26564DBAE2830EF3B9014" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4F4403BDEB744014A8DE0D4B30C8CC08" /F
reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB3044F4-47BE-4104-8AED-D0B4038CCC80}]" /F
reg: reg delete "HKLM\SOFTWARE\Wow6432Node\YTD" /F
C:\Program Files (x86)\YTD Toolbar
EmptyTemp:
 
*****************
 
Restore point was successfully created.
 
========= reg delete "HKLM\SOFTWARE\Classes\Installer\Products\4F4403BDEB744014A8DE0D4B30C8CC08" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\\" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\Res\\" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\Res\Lang\\" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\IE\10.3\\" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\YTD Toolbar\IE\\" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1039F8C12A30A304D910F4156F6CB9D6" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38FE02D4E14502B43B7E7F7DAEA50FF6" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854D7616DD752AA439F2BD7B7AA4E253" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD1B33C4DAE26564DBAE2830EF3B9014" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4F4403BDEB744014A8DE0D4B30C8CC08" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB3044F4-47BE-4104-8AED-D0B4038CCC80}]" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\YTD" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
"C:\Program Files (x86)\YTD Toolbar" => File/Directory not found.
EmptyTemp: => Removed 247.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Norton Ghost    
 Panda Cloud Cleaner   
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
 
.. FILE: C:\USERS\CHRIS\APPDATA\LOCAL\JDOWNLOADER V2.0\JDOWNLOADER2UPDATE.EXE to be deleted.
 
. FILE: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk to be deleted.
 
. FILE: C:\USERS\CHRIS\APPDATA\LOCAL\JDOWNLOADER V2.0\UNINSTALL JDOWNLOADER.EXE to be deleted.
 
. FILE: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk to be deleted.
 
. FILE: C:\USERS\CHRIS\APPDATA\LOCAL\JDOWNLOADER V2.0\JDOWNLOADER2.EXE to be deleted.
 
. FILE: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk to be deleted.
 
. FILE: C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk to be deleted.
 
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
 
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
 
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
 
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

  • 0
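The Fixlog in the post above records one `reg delete` that returned `ERROR` while the others succeeded, and the key path in that command ends in `}]`. The following is an added example, not part of the thread and not FRST's own code: it parses the `========= reg ... =========` blocks of such a log and lists the ones that did not report success, with a hint when the braces or brackets in the key path do not pair up. The function names and the `ExamplePlaceholder` block are assumptions made for the illustration.

```python
import re

# First two blocks are copied from the Fixlog in this thread; the third
# (ExamplePlaceholder) is constructed and truncated: no result was recorded.
SAMPLE = r'''
========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB3044F4-47BE-4104-8AED-D0B4038CCC80}]" /F =========

ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete "HKLM\SOFTWARE\Wow6432Node\YTD" /F =========

The operation completed successfully.
========= End of Reg: =========
========= reg delete "HKLM\SOFTWARE\ExamplePlaceholder" /F =========
'''

# group(1) = full command, group(2) = first quoted argument (the key path)
HEADER = re.compile(r'^=+ (reg\s+\w+\s+"([^"]*)".*?) =+$', re.IGNORECASE)
END = re.compile(r'^=+ End of Reg: =+$', re.IGNORECASE)

def unbalanced(key):
    """True if {} or [] in the key path do not pair up (for example a stray ']')."""
    stack, closers = [], {'}': '{', ']': '['}
    for ch in key:
        if ch in '{[':
            stack.append(ch)
        elif ch in closers and (not stack or stack.pop() != closers[ch]):
            return True
    return bool(stack)

def parse_fixlog(text):
    """Return one dict per reg block: command, key, status, bracket_hint."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = None if END.match(line) else HEADER.match(line)
        if header or END.match(line):
            if current:                  # close the open block, even if truncated
                entries.append(current)
            current = None
        if header:
            key = header.group(2)
            current = {'command': header.group(1), 'key': key,
                       'status': 'unknown', 'bracket_hint': unbalanced(key)}
        elif current and line.startswith('ERROR:'):
            current['status'] = 'error'
        elif current and line.startswith('The operation completed successfully'):
            current['status'] = 'ok'
    if current:                          # log ended inside a block
        entries.append(current)
    return entries

def needs_review(entries):
    """Blocks whose command did not report success."""
    return [e for e in entries if e['status'] != 'ok']
```

Calling `needs_review(parse_fixlog(SAMPLE))` returns the `Uninstall\{...}]` entry with `bracket_hint` set and the truncated placeholder entry with status `unknown`.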

#14
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

As long as you are satisfied with your machine and our assistance we are all set. I would suggest that if you don't use Java or don't know if you use Java that you uninstall this program. It's highly exploited. More info is below. You will see Java 8 Update 25 (64-bit) in Add/Remove programs.

 

 

OK! Well done, your computer is clean again! Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.

Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears.
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.

 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
 
4. Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 25.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Java 8 Update 25 (64-bit)
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u25-windows-i586.exe or jre-8u25-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.

Note: Java has been notorious for installing foistware (software downloaded without the user's knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).
 
5. Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06 for example but the major version is just the first number before the period so 11 in this case or XI.
Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader

If your major version matches the major version from Adobe then perform the following steps.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.

If your major version is lower than the major version from Adobe then perform the following steps.
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.

NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.

NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time these are not malicious, you usually do not want them on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 

6. Antivirus - Preventative

Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is not actively monitoring your machine so it won't conflict with the Antivirus that you decide to install. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
7. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
New strains of this are coming out all the time. In fact a very new strain called VirRansom (which is a hybrid of CryptoLocker and CryptoWall) has recently been identified and it's a true self-replicating parasitic virus.

 

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will then be prompted to apply all default protections. Answer Yes.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
 
 
8. Adobe Flash Player
There's a very nasty piece of malware going around right now called Cryptowall. It's very destructive and most recently the newest variant is exploiting unpatched versions of Adobe Flash. Let's make sure you get current.

 

1. Determine if you have the most current version by going to this website. If your version represented by the top box matches the version in the bottom box you are current.
 
2. If your version is older than the current then click on the Player Download Center link (shown in the screen shot above).
3. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.
 
4. You may be prompted to run the installer. Go ahead and do this.
5. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.
 
 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe! Also Happy Holidays.

 

 
 
Items for your next post.
Contents of the Delfix log.


  • 0

#15
EMLMOL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for all your help!
 
What kind of malware did I have that was causing the problem?
 
The system is running just fine right now. No problems.
Happy Holidays and thank you for your time.
 
 
 
# DelFix v10.8 - Logfile created 20/12/2014 at 12:55:02
# Updated 29/07/2014 by Xplode
# Username : Chris - DESKTOP
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Chris\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.0.0.41_11.12.2014_22.34.08_log.txt
Deleted : C:\TDSSKiller.3.0.0.41_11.12.2014_22.34.47_log.txt
Deleted : C:\Users\Chris\Desktop\Addition.txt
Deleted : C:\Users\Chris\Desktop\AdwCleaner.exe
Deleted : C:\Users\Chris\Desktop\aswMBR.exe
Deleted : C:\Users\Chris\Desktop\aswMBR.txt
Deleted : C:\Users\Chris\Desktop\Extras.Txt
Deleted : C:\Users\Chris\Desktop\Fixlog.txt
Deleted : C:\Users\Chris\Desktop\FRST.txt
Deleted : C:\Users\Chris\Desktop\FRST64.exe
Deleted : C:\Users\Chris\Desktop\JRT.exe
Deleted : C:\Users\Chris\Desktop\JRT.txt
Deleted : C:\Users\Chris\Desktop\MBR.dat
Deleted : C:\Users\Chris\Desktop\OTL.Txt
Deleted : C:\Users\Chris\Desktop\OTL.exe
Deleted : C:\Users\Chris\Desktop\Search.txt
Deleted : C:\Users\Chris\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0





