Searchscopes [Solved]

Malware sluggish machines infections malware removal searchscopes


#1
rzrbck

  • Member
  • 16 posts

I help diagnose and fix PCs for elderly and non-tech savvy people as part of my ministry.

 

Lately, I've been noticing a significant number of machines that have been very sluggish.  

 

I use the following anti-malware products: Malwarebytes Premium, SUPERAntiSpyware, CCleaner, Glary Utilities, HijackThis, RKill, and AdwCleaner.

 

For malware protection in browsers I use the following:

Adblock Plus, Ghostery, NoScript

 

My antivirus preference:
On my personal machine: Symantec Endpoint Security
On others' machines: Bitdefender Free

 

The only program that finds the problem is AdwCleaner, and the key usually resembles this:

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

 

I have run Malwarebytes, RKill, AdwCleaner, and SUPERAntiSpyware, all in safe mode, and their logs are readily available.

 

Additionally, and per the FAQ page, I have run OTL and posted the log below:

OTL Extras logfile created on: 12/19/14 2:53:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ORNERY\Desktop
64bit- An unknown product  (Version = 6.3.9600) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
 
11.99 Gb Total Physical Memory | 9.59 Gb Available Physical Memory | 80.01% Memory free
23.99 Gb Paging File | 21.67 Gb Available in Paging File | 90.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.47 Gb Total Space | 120.02 Gb Free Space | 50.33% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 528.55 Gb Free Space | 37.83% Space Free | Partition Type: NTFS
Drive E: | 2794.52 Gb Total Space | 1480.70 Gb Free Space | 52.99% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 387.94 Gb Free Space | 27.76% Space Free | Partition Type: NTFS
Drive J: | 931.41 Gb Total Space | 225.42 Gb Free Space | 24.20% Space Free | Partition Type: NTFS
Drive Q: | 465.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: SNOOPYII | User Name: ORNERY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0038741E-7020-409E-9BEA-75825DDD5F16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0BFEFA3E-CB3D-4C4A-818F-E59120339E1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0DA913FC-36D4-4595-9323-5CF3B2D9F0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45426F99-39C8-4BC8-A8B2-16E2F8506A74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5CE15CDA-DD2D-4301-9AA2-E76A1B8F2AD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{622A7ECA-4ADB-4082-8C34-4F57C6C2033A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{64B2075D-EF65-4848-BBE4-A2C177E69B3D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6C329D86-AC93-44F8-8532-8CFAD7BD8D3D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7072E831-483B-407B-A458-78CD6F6EE901}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{79F82A82-2B4E-4882-AB6C-570DFA6FD283}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{81A54D64-2845-4ED3-B54F-0D6ED0EFAE2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{94782F52-4EE1-48CD-A9FF-8BE882929F3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{AE4C6D47-A856-49E3-991E-EB954D7A8721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE33761F-889F-4EF6-9B45-41D1799B2F3E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BF392255-3852-4BA8-BADC-0127B73A4AA5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C4339AA5-8F04-41A5-9565-B1A75DE6C82A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C4A1B2C9-D030-4C6F-B688-B274190F71E8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C6BC763F-00D1-4534-85F4-6AD2CD0D0C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE061D7C-4B35-48E4-AA93-39AE3A1A557F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D1FA49CC-CB33-47F2-A381-E647AF7AC41F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8FC7224-B0C4-44DC-9D23-3F580B6E8CAC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DF904244-D5A6-427A-9490-E11AA5512470}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F9E830E8-1C0C-476A-9F35-3E18B9C29A97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B1824A-518C-4AB9-A046-5E9AF259AC19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{04D928C0-2E95-4162-A120-5B459E748DA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{058982E6-D3DC-438C-9633-400BAE30C270}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{0757081F-7367-41EA-80BA-21BE6CE95854}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F09114F-1D03-49C6-815F-DBF904319026}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{130DCA9F-6CD9-43B6-BBB5-380AA1559F2B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{151400EF-880F-4145-BE99-A4B6BC2F03F9}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{190F8718-B142-4B64-BD4F-632E15092BB0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{26895B5C-F078-4084-9AFA-BD72E3F77877}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | 
"{27D0E4A2-D48C-44CF-A2CD-0CB33FFCDB2E}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\123copydvdplatinum.exe | 
"{2B2F120A-377C-4631-86D8-4F2A839C2DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\helper.exe | 
"{31D4B4D4-C8F6-4D96-B4D6-65334B7CA5F9}" = dir=in | name=skype | 
"{358A7D06-19C1-482F-85D1-273A20914171}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{39A8B52E-490F-4891-8ED2-39EEA1DA402B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\snac64.exe | 
"{3DD2043C-C395-4190-A040-B4C3A0C8DDC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FEC0181-2914-43E4-8EC4-1213209B9A04}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{401200CB-4F2B-4EED-8A16-836EC9EBC82D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4764B5A8-6690-439A-A559-050416EC07E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4E18FD5E-9AF5-4017-8A27-3EED3FED8869}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{58E2DF6B-58E4-49F0-B911-3A8F9FDB99A8}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{5C4EE47D-3055-404C-AA32-FCB551073CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\helper.exe | 
"{5D75D50C-204A-485B-821D-B3F0DDE5CB4B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\smc.exe | 
"{5EDF11D1-CFA8-49D9-8253-A9B3FEB931A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{60EA1ECB-D518-4800-A69B-7EEFF986D146}" = protocol=58 | dir=in | [email protected],-28545 | 
"{6233EDDC-6774-4307-BCDA-F642F270B3C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6807EED9-1293-463B-9926-10324A6582A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E9DE8EA-2C0D-4C9F-8C3C-3A26D9843E09}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\123copydvdplatinum.exe | 
"{706FAE1B-15EE-47BC-B408-7479D3245BE7}" = protocol=17 | dir=in | app=c:\users\ornery\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7224A9F7-DE18-4601-85A0-042E67312808}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{73027832-3D77-43B7-A763-94F070216B73}" = protocol=1 | dir=out | [email protected],-28544 | 
"{73D71DBB-0702-4916-B1DB-34EC6B86EA9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{7FE62C8C-79C5-41C7-88A6-88DAD6CF397A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{8072AFB7-6465-4ECE-9DD5-D0B69F41D2C8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{80E6FF79-5B10-4C98-8339-C1CBD3DC57F4}" = protocol=6 | dir=out | app=system | 
"{82A83F68-8741-4FF1-B7D0-CB33337E860C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{84E57BE4-1AF1-4DCF-98F0-DD0C412908C5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{85AF647F-8F07-4D1C-9514-84F3BE521466}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{93D87E74-8DF5-4258-AF0C-ADF29BBF752C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{93F665FB-0A09-4EB3-A8BE-2C55587A5DB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{94C663AF-0416-4D4A-BF6C-6B5A792B5DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\smc.exe | 
"{96AB4054-8154-4619-87B7-4323EBE37870}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{96AB7489-F7A0-4CBE-A565-097BDB2C1EA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{974643CA-469F-40C0-A8E2-7B721A3D201C}" = protocol=6 | dir=in | app=c:\users\ornery\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A0D716BD-7522-4450-A1E4-03EF07AADD21}" = dir=out | name=skype | 
"{A35151F0-41BA-4AD7-B764-ADF9B5209D0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACCA4D46-F63E-43C1-B2FC-FC5834C17753}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{B21DACE4-0933-4ABB-8F32-1901CEE67046}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{B381A568-E83F-4123-A68B-6D33A64041A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{B8C68FE3-653F-45C8-AEF8-0B631E839AE4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{BA85BB3C-32AD-4608-B4D5-22A2804EABA2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | 
"{BBDBC13D-4E6B-47DB-BF75-A998987BA77D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{BD5E9F7F-4108-417C-BC48-60BE68DD026B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | 
"{BD8C0BA9-D131-4BFC-B2B8-D1778BDD643C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C53476E4-7001-46B1-A815-4ECEED366992}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{CB09630B-1AA0-4B29-BAAE-AC661B98D769}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\snac64.exe | 
"{D2FE1F66-3B6E-46E8-B74D-7D157E474DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB2F54A1-7EDC-40ED-BE69-5EDD2D015098}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | 
"{DB39683E-7C80-43F6-80D6-A736578DE2F1}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DB5A6A2A-50CF-4EF1-B36F-0B2A1309706C}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E49FDBED-A6CB-42DB-A8A0-992D9B4440D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{E7A8E90A-1AB1-4FC1-9FB8-54B27CB1E39D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{EBEB7E81-F8B4-4F8F-A247-BB1CACD045E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{ED4F80E5-7110-4DC2-BC94-A5EB4FD7024A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE07A576-C28A-4130-B6AA-A4AA751455BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{F5AA858D-0155-46A2-82FF-BE38AD91B22A}" = protocol=1 | dir=in | [email protected],-28543 | 
"{F5FAA0B1-39A1-4415-9817-82752A8A905C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6F26F2D-3CAE-4577-967B-8E83FB72C6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F827B975-8282-4310-97FC-B05EB23514C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F92385BB-62DC-4DA2-AC07-84767FAE85D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{FEF29FB5-01E3-4659-B5B4-344F9629565F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F06417067FF}" = Java 7 Update 67 (64-bit)
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X version 5.30
"{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}" = AMD Catalyst Install Manager
"{41F22D89-7F71-E83A-08E7-7E7473F4A55D}" = AMD Accelerated Video Transcoding
"{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}" = WD My Cloud
"{49C2B7C1-A4E7-4770-8E30-255795AD4712}" = HP Officejet Pro 8500 A909 Series
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.1
"{69F860CB-69A0-991D-C0A7-2967286A8DDC}" = ccc-utility64
"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B53661DC-CD94-4B14-B15F-D9DDCFF72558}" = Symantec Endpoint Protection
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Speccy" = Speccy
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001296EA-6321-1D93-6D07-C56469336B6F}" = CCC Help Chinese Traditional
"{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1" = AOMEI Partition Assistant Pro Edition 5.6
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{08BF5606-B92B-91D9-550E-45C40EF82146}" = CCC Help Swedish
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0c8ebb00-4909-459c-8347-b2068b7f0319}" = OEM Share Pack
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11960C5F-F2A2-1A1C-F884-2579A22E70BA}" = CCC Help Finnish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.20
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D968C74-5200-4331-F74D-83E30797B736}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2B6EDD-9374-B327-8F8E-E31AF6A805B0}" = CCC Help German
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{278D58D4-2B08-4ABF-957C-F0A2F8A1FBB7}_is1" = WonderFox DVD Video Converter version 7.0
"{285722F0-59D5-9468-BA6F-72985A2CE931}" = CCC Help Czech
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2B68CAC1-5B99-3465-8982-E4FAB2AE036A}" = CCC Help Russian
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{31AC9515-5F70-41D1-F740-B1978B8D48EA}" = CCC Help Greek
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{3AE82D96-752D-1505-8F07-FF9504D6D0E5}" = Catalyst Control Center Localization All
"{3CE42A9D-F659-4FF0-87EB-A14699AB2D1C}_is1" = Video to Picture version 5.0
"{3D2E0EFF-7E27-ED90-809A-7E59FB05AE63}" = CCC Help Portuguese
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{481C8C2A-D764-E7B9-8155-316540E71082}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCA6934-2AE3-4ACA-9931-A6D38A3EDB13}" = BPDSoftware
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{565B9F3F-3617-6859-B821-6F103537489D}" = CCC Help Danish
"{59F0E916-7B87-4F09-888B-850F3F0700B5}" = Catalyst Control Center - Branding
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6EB5B377-BD22-2E2E-772F-4A993EAC38FD}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714549D0-C470-4757-B10C-FB932F3C98D0}}_is1" = Aneesoft Flash Gallery Classic
"{76BAD284-3559-25EE-AB8C-FBAA8042B24B}" = CCC Help English
"{777C7020-402D-4F73-D4C8-B375AFB5CFF7}" = CCC Help Polish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{7E090AA3-1AA3-749F-4C2F-16CDB816651F}" = CCC Help Turkish
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{8162B13E-896E-40DF-EB30-5252BF25CC03}" = CCC Help Norwegian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8689A64A-60C9-B821-EF82-89C8D3A12B91}" = VUDU To Go
"{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}" = HydraVision
"{8A17260E-6572-1DE2-6E73-C297A31093C1}" = CCC Help Chinese Standard
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8E0AFE95-5099-1CB1-A3D1-1BFB2546F1F1}" = CCC Help Thai
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink MediaShow 6
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A83F6EE0-A42E-66D8-88B6-90A475602565}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup 2.6
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{C086E8FA-7445-4E07-1310-4616EC120EE7}" = CCC Help Dutch
"{C2F88EE6-D343-F986-E8F1-F012B294CEA7}" = CCC Help Korean
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{C92AB6F1-9C93-0F51-ED50-15ABBCBDD142}_is1" = Ashampoo Snap 7 v.7.0.10
"{CCE2DCFE-4A89-4BC0-B3EF-6A3F8E30A2D6}" = CyberLink OEM Share Pack 2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF0228E9-A5A7-4703-A0A5-F5E3532937B4}" = ProductContext
"{D8735515-0DB5-DCBD-C303-37D32DE4363F}" = CCC Help Japanese
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5
"{E4F406B9-319B-2C33-54CE-84A46DA47BFB}" = CCC Help French
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EC0FD3E2-A241-4D37-BF16-7815EC1E7A29}_is1" = Video Rotator V1.0.9
"{EC58A9C9-22D8-FA14-785E-37B8C290AA8D}" = CCC Help Spanish
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{F132000C-1CBA-458F-BF2F-FD43D59410F9}" = LightScribe System Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC125E14-4162-49BE-8BE9-AA4E2D6A9BE9}" = 8500A909a
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"123CopyDVDPlatinum 2012" = 123CopyDVDPlatinum
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced Renamer_is1" = Advanced Renamer
"Audacity_is1" = Audacity 2.0.6
"AviSynth" = AviSynth 2.5
"BackRex Outlook Backup Demo" = BackRex Outlook Backup Demo
"com.vudu.air.Downloader" = VUDU To Go
"Cook'n" = Cook'n
"Cool Record Edit Pro_is1" = Cool Record Edit Pro v8.8.3
"EaseUS Partition Master Trial Edition_is1" = EaseUS Partition Master 10.1 Trial Edition
"Glary Utilities 5" = Glary Utilities PRO 5.14
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"LeaderTask_is1" = LeaderTask 9.0
"MagniDriver" = marvell 91xx driver
"MakeMKV" = MakeMKV v1.9.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 34.0 (x86 en-US)" = Mozilla Firefox 34.0 (x86 en-US)
"Mozilla Thunderbird 31.3.0 (x86 en-US)" = Mozilla Thunderbird 31.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"Office14.SingleImage" = Microsoft Office Professional 2010
"Revo Uninstaller" = Revo Uninstaller 1.95
"TeamViewer" = TeamViewer 10
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player
"Wise Care 365_is1" = Wise Care 365 3.34
"WUCCCApp" = Catalyst Control Center
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = f.lux
 
========== Last 20 Event Log Errors ==========
 
[ Symantec Endpoint Protection Client Events ]
Error - 9/5/14 11:48:24 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Suspicious.MH690 in File: D:\IMPORTANT BACKUPS\ANGLER\Retrospect
 Copies\Backup of Local Disk (C)\Program Files\support.com\client\bin\ResetTMID.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 9/19/14 3:07:38 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Suspicious.MH690 in File: E:\ANGLER\Retrospect
 Copies\Backup of Local Disk (C)\Program Files\support.com\client\bin\ResetTMID.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 11/10/14 11:41:22 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: d:\important backups\snoopyii
 install0n 1172012\software\winzip170.exe by: Manual scan.  Action: Quarantine succeeded.
  Action Description: The file was quarantined successfully.
 
Error - 11/10/14 8:33:02 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: j:\users\ornery\downloads\malware
 toolkit\combofix.exe by: Manual scan.  Action: Quarantine succeeded.  Action Description:
 The file was quarantined successfully.
 
Error - 11/14/14 6:13:14 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.ADH.2 in File: S:\BERTA\Berta\Downloads\libreoffice_d154772.exe
 by: Auto-Protect scan.  Action: Cleaned by Deletion.  Action Description: The file
 was deleted successfully.
 
Error - 11/14/14 6:13:40 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!RegCleanPro in File: S:\BERTA\Berta\Downloads\rcpafterdownloadcm_ad_13375_cm4.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 11/14/14 6:41:32 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.ADH.2 in File: F:\BERTA\DOWNLOADS\libreoffice_d154772.exe
 by: Auto-Protect scan.  Action: Cleaned by Deletion.  Action Description: The file
 was deleted successfully.
 
Error - 11/14/14 6:41:55 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!RegCleanPro in File: F:\BERTA\DOWNLOADS\rcpsetup_r.exe
 by: Auto-Protect scan.  Action: Quarantine failed : Access denied.  Action Description:
 The file was left unchanged.
 
Error - 11/24/14 10:13:15 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!WS.Reputation.1 in File: c:\users\ornery\downloads\chrome_updater.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded.  Action Description: The 
file was quarantined successfully.
 
Error - 12/7/14 3:31:43 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: H:\MALWARE TOOLKIT\ComboFix.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
[ System Events ]
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
OTL Extras logfile created on: 12/19/14 2:53:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ORNERY\Desktop
64bit- An unknown product  (Version = 6.3.9600) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
 
11.99 Gb Total Physical Memory | 9.59 Gb Available Physical Memory | 80.01% Memory free
23.99 Gb Paging File | 21.67 Gb Available in Paging File | 90.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.47 Gb Total Space | 120.02 Gb Free Space | 50.33% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 528.55 Gb Free Space | 37.83% Space Free | Partition Type: NTFS
Drive E: | 2794.52 Gb Total Space | 1480.70 Gb Free Space | 52.99% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 387.94 Gb Free Space | 27.76% Space Free | Partition Type: NTFS
Drive J: | 931.41 Gb Total Space | 225.42 Gb Free Space | 24.20% Space Free | Partition Type: NTFS
Drive Q: | 465.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: SNOOPYII | User Name: ORNERY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0038741E-7020-409E-9BEA-75825DDD5F16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0BFEFA3E-CB3D-4C4A-818F-E59120339E1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0DA913FC-36D4-4595-9323-5CF3B2D9F0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45426F99-39C8-4BC8-A8B2-16E2F8506A74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5CE15CDA-DD2D-4301-9AA2-E76A1B8F2AD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{622A7ECA-4ADB-4082-8C34-4F57C6C2033A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{64B2075D-EF65-4848-BBE4-A2C177E69B3D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6C329D86-AC93-44F8-8532-8CFAD7BD8D3D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7072E831-483B-407B-A458-78CD6F6EE901}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{79F82A82-2B4E-4882-AB6C-570DFA6FD283}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{81A54D64-2845-4ED3-B54F-0D6ED0EFAE2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{94782F52-4EE1-48CD-A9FF-8BE882929F3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{AE4C6D47-A856-49E3-991E-EB954D7A8721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE33761F-889F-4EF6-9B45-41D1799B2F3E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BF392255-3852-4BA8-BADC-0127B73A4AA5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C4339AA5-8F04-41A5-9565-B1A75DE6C82A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C4A1B2C9-D030-4C6F-B688-B274190F71E8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C6BC763F-00D1-4534-85F4-6AD2CD0D0C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE061D7C-4B35-48E4-AA93-39AE3A1A557F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D1FA49CC-CB33-47F2-A381-E647AF7AC41F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8FC7224-B0C4-44DC-9D23-3F580B6E8CAC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DF904244-D5A6-427A-9490-E11AA5512470}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F9E830E8-1C0C-476A-9F35-3E18B9C29A97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B1824A-518C-4AB9-A046-5E9AF259AC19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{04D928C0-2E95-4162-A120-5B459E748DA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{058982E6-D3DC-438C-9633-400BAE30C270}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{0757081F-7367-41EA-80BA-21BE6CE95854}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F09114F-1D03-49C6-815F-DBF904319026}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{130DCA9F-6CD9-43B6-BBB5-380AA1559F2B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{151400EF-880F-4145-BE99-A4B6BC2F03F9}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{190F8718-B142-4B64-BD4F-632E15092BB0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{26895B5C-F078-4084-9AFA-BD72E3F77877}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | 
"{27D0E4A2-D48C-44CF-A2CD-0CB33FFCDB2E}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\123copydvdplatinum.exe | 
"{2B2F120A-377C-4631-86D8-4F2A839C2DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\helper.exe | 
"{31D4B4D4-C8F6-4D96-B4D6-65334B7CA5F9}" = dir=in | name=skype | 
"{358A7D06-19C1-482F-85D1-273A20914171}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{39A8B52E-490F-4891-8ED2-39EEA1DA402B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\snac64.exe | 
"{3DD2043C-C395-4190-A040-B4C3A0C8DDC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FEC0181-2914-43E4-8EC4-1213209B9A04}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{401200CB-4F2B-4EED-8A16-836EC9EBC82D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4764B5A8-6690-439A-A559-050416EC07E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4E18FD5E-9AF5-4017-8A27-3EED3FED8869}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{58E2DF6B-58E4-49F0-B911-3A8F9FDB99A8}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{5C4EE47D-3055-404C-AA32-FCB551073CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\helper.exe | 
"{5D75D50C-204A-485B-821D-B3F0DDE5CB4B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\smc.exe | 
"{5EDF11D1-CFA8-49D9-8253-A9B3FEB931A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{60EA1ECB-D518-4800-A69B-7EEFF986D146}" = protocol=58 | dir=in | [email protected],-28545 | 
"{6233EDDC-6774-4307-BCDA-F642F270B3C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6807EED9-1293-463B-9926-10324A6582A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E9DE8EA-2C0D-4C9F-8C3C-3A26D9843E09}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\123copydvdplatinum.exe | 
"{706FAE1B-15EE-47BC-B408-7479D3245BE7}" = protocol=17 | dir=in | app=c:\users\ornery\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7224A9F7-DE18-4601-85A0-042E67312808}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{73027832-3D77-43B7-A763-94F070216B73}" = protocol=1 | dir=out | [email protected],-28544 | 
"{73D71DBB-0702-4916-B1DB-34EC6B86EA9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{7FE62C8C-79C5-41C7-88A6-88DAD6CF397A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{8072AFB7-6465-4ECE-9DD5-D0B69F41D2C8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{80E6FF79-5B10-4C98-8339-C1CBD3DC57F4}" = protocol=6 | dir=out | app=system | 
"{82A83F68-8741-4FF1-B7D0-CB33337E860C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{84E57BE4-1AF1-4DCF-98F0-DD0C412908C5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{85AF647F-8F07-4D1C-9514-84F3BE521466}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{93D87E74-8DF5-4258-AF0C-ADF29BBF752C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{93F665FB-0A09-4EB3-A8BE-2C55587A5DB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{94C663AF-0416-4D4A-BF6C-6B5A792B5DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\smc.exe | 
"{96AB4054-8154-4619-87B7-4323EBE37870}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{96AB7489-F7A0-4CBE-A565-097BDB2C1EA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{974643CA-469F-40C0-A8E2-7B721A3D201C}" = protocol=6 | dir=in | app=c:\users\ornery\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A0D716BD-7522-4450-A1E4-03EF07AADD21}" = dir=out | name=skype | 
"{A35151F0-41BA-4AD7-B764-ADF9B5209D0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACCA4D46-F63E-43C1-B2FC-FC5834C17753}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{B21DACE4-0933-4ABB-8F32-1901CEE67046}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{B381A568-E83F-4123-A68B-6D33A64041A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{B8C68FE3-653F-45C8-AEF8-0B631E839AE4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{BA85BB3C-32AD-4608-B4D5-22A2804EABA2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | 
"{BBDBC13D-4E6B-47DB-BF75-A998987BA77D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{BD5E9F7F-4108-417C-BC48-60BE68DD026B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | 
"{BD8C0BA9-D131-4BFC-B2B8-D1778BDD643C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C53476E4-7001-46B1-A815-4ECEED366992}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{CB09630B-1AA0-4B29-BAAE-AC661B98D769}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\snac64.exe | 
"{D2FE1F66-3B6E-46E8-B74D-7D157E474DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB2F54A1-7EDC-40ED-BE69-5EDD2D015098}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | 
"{DB39683E-7C80-43F6-80D6-A736578DE2F1}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DB5A6A2A-50CF-4EF1-B36F-0B2A1309706C}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E49FDBED-A6CB-42DB-A8A0-992D9B4440D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{E7A8E90A-1AB1-4FC1-9FB8-54B27CB1E39D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{EBEB7E81-F8B4-4F8F-A247-BB1CACD045E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{ED4F80E5-7110-4DC2-BC94-A5EB4FD7024A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE07A576-C28A-4130-B6AA-A4AA751455BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{F5AA858D-0155-46A2-82FF-BE38AD91B22A}" = protocol=1 | dir=in | [email protected],-28543 | 
"{F5FAA0B1-39A1-4415-9817-82752A8A905C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6F26F2D-3CAE-4577-967B-8E83FB72C6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F827B975-8282-4310-97FC-B05EB23514C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F92385BB-62DC-4DA2-AC07-84767FAE85D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{FEF29FB5-01E3-4659-B5B4-344F9629565F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F06417067FF}" = Java 7 Update 67 (64-bit)
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X version 5.30
"{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}" = AMD Catalyst Install Manager
"{41F22D89-7F71-E83A-08E7-7E7473F4A55D}" = AMD Accelerated Video Transcoding
"{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}" = WD My Cloud
"{49C2B7C1-A4E7-4770-8E30-255795AD4712}" = HP Officejet Pro 8500 A909 Series
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.1
"{69F860CB-69A0-991D-C0A7-2967286A8DDC}" = ccc-utility64
"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B53661DC-CD94-4B14-B15F-D9DDCFF72558}" = Symantec Endpoint Protection
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Speccy" = Speccy
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001296EA-6321-1D93-6D07-C56469336B6F}" = CCC Help Chinese Traditional
"{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1" = AOMEI Partition Assistant Pro Edition 5.6
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{08BF5606-B92B-91D9-550E-45C40EF82146}" = CCC Help Swedish
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0c8ebb00-4909-459c-8347-b2068b7f0319}" = OEM Share Pack
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11960C5F-F2A2-1A1C-F884-2579A22E70BA}" = CCC Help Finnish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.20
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D968C74-5200-4331-F74D-83E30797B736}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2B6EDD-9374-B327-8F8E-E31AF6A805B0}" = CCC Help German
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{278D58D4-2B08-4ABF-957C-F0A2F8A1FBB7}_is1" = WonderFox DVD Video Converter version 7.0
"{285722F0-59D5-9468-BA6F-72985A2CE931}" = CCC Help Czech
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2B68CAC1-5B99-3465-8982-E4FAB2AE036A}" = CCC Help Russian
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{31AC9515-5F70-41D1-F740-B1978B8D48EA}" = CCC Help Greek
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{3AE82D96-752D-1505-8F07-FF9504D6D0E5}" = Catalyst Control Center Localization All
"{3CE42A9D-F659-4FF0-87EB-A14699AB2D1C}_is1" = Video to Picture version 5.0
"{3D2E0EFF-7E27-ED90-809A-7E59FB05AE63}" = CCC Help Portuguese
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{481C8C2A-D764-E7B9-8155-316540E71082}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCA6934-2AE3-4ACA-9931-A6D38A3EDB13}" = BPDSoftware
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{565B9F3F-3617-6859-B821-6F103537489D}" = CCC Help Danish
"{59F0E916-7B87-4F09-888B-850F3F0700B5}" = Catalyst Control Center - Branding
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6EB5B377-BD22-2E2E-772F-4A993EAC38FD}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714549D0-C470-4757-B10C-FB932F3C98D0}}_is1" = Aneesoft Flash Gallery Classic
"{76BAD284-3559-25EE-AB8C-FBAA8042B24B}" = CCC Help English
"{777C7020-402D-4F73-D4C8-B375AFB5CFF7}" = CCC Help Polish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{7E090AA3-1AA3-749F-4C2F-16CDB816651F}" = CCC Help Turkish
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{8162B13E-896E-40DF-EB30-5252BF25CC03}" = CCC Help Norwegian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8689A64A-60C9-B821-EF82-89C8D3A12B91}" = VUDU To Go
"{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}" = HydraVision
"{8A17260E-6572-1DE2-6E73-C297A31093C1}" = CCC Help Chinese Standard
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8E0AFE95-5099-1CB1-A3D1-1BFB2546F1F1}" = CCC Help Thai
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink MediaShow 6
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A83F6EE0-A42E-66D8-88B6-90A475602565}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup 2.6
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{C086E8FA-7445-4E07-1310-4616EC120EE7}" = CCC Help Dutch
"{C2F88EE6-D343-F986-E8F1-F012B294CEA7}" = CCC Help Korean
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{C92AB6F1-9C93-0F51-ED50-15ABBCBDD142}_is1" = Ashampoo Snap 7 v.7.0.10
"{CCE2DCFE-4A89-4BC0-B3EF-6A3F8E30A2D6}" = CyberLink OEM Share Pack 2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF0228E9-A5A7-4703-A0A5-F5E3532937B4}" = ProductContext
"{D8735515-0DB5-DCBD-C303-37D32DE4363F}" = CCC Help Japanese
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5
"{E4F406B9-319B-2C33-54CE-84A46DA47BFB}" = CCC Help French
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EC0FD3E2-A241-4D37-BF16-7815EC1E7A29}_is1" = Video Rotator V1.0.9
"{EC58A9C9-22D8-FA14-785E-37B8C290AA8D}" = CCC Help Spanish
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{F132000C-1CBA-458F-BF2F-FD43D59410F9}" = LightScribe System Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC125E14-4162-49BE-8BE9-AA4E2D6A9BE9}" = 8500A909a
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"123CopyDVDPlatinum 2012" = 123CopyDVDPlatinum
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced Renamer_is1" = Advanced Renamer
"Audacity_is1" = Audacity 2.0.6
"AviSynth" = AviSynth 2.5
"BackRex Outlook Backup Demo" = BackRex Outlook Backup Demo
"com.vudu.air.Downloader" = VUDU To Go
"Cook'n" = Cook'n
"Cool Record Edit Pro_is1" = Cool Record Edit Pro v8.8.3
"EaseUS Partition Master Trial Edition_is1" = EaseUS Partition Master 10.1 Trial Edition
"Glary Utilities 5" = Glary Utilities PRO 5.14
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"LeaderTask_is1" = LeaderTask 9.0
"MagniDriver" = marvell 91xx driver
"MakeMKV" = MakeMKV v1.9.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 34.0 (x86 en-US)" = Mozilla Firefox 34.0 (x86 en-US)
"Mozilla Thunderbird 31.3.0 (x86 en-US)" = Mozilla Thunderbird 31.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"Office14.SingleImage" = Microsoft Office Professional 2010
"Revo Uninstaller" = Revo Uninstaller 1.95
"TeamViewer" = TeamViewer 10
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player
"Wise Care 365_is1" = Wise Care 365 3.34
"WUCCCApp" = Catalyst Control Center
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = f.lux
 
========== Last 20 Event Log Errors ==========
 
[ Symantec Endpoint Protection Client Events ]
Error - 9/5/14 11:48:24 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Suspicious.MH690 in File: D:\IMPORTANT BACKUPS\ANGLER\Retrospect
 Copies\Backup of Local Disk (C)\Program Files\support.com\client\bin\ResetTMID.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 9/19/14 3:07:38 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Suspicious.MH690 in File: E:\ANGLER\Retrospect
 Copies\Backup of Local Disk (C)\Program Files\support.com\client\bin\ResetTMID.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 11/10/14 11:41:22 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: d:\important backups\snoopyii
 install0n 1172012\software\winzip170.exe by: Manual scan.  Action: Quarantine succeeded.
  Action Description: The file was quarantined successfully.
 
Error - 11/10/14 8:33:02 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: j:\users\ornery\downloads\malware
 toolkit\combofix.exe by: Manual scan.  Action: Quarantine succeeded.  Action Description:
 The file was quarantined successfully.
 
Error - 11/14/14 6:13:14 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.ADH.2 in File: S:\BERTA\Berta\Downloads\libreoffice_d154772.exe
 by: Auto-Protect scan.  Action: Cleaned by Deletion.  Action Description: The file
 was deleted successfully.
 
Error - 11/14/14 6:13:40 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!RegCleanPro in File: S:\BERTA\Berta\Downloads\rcpafterdownloadcm_ad_13375_cm4.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 11/14/14 6:41:32 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.ADH.2 in File: F:\BERTA\DOWNLOADS\libreoffice_d154772.exe
 by: Auto-Protect scan.  Action: Cleaned by Deletion.  Action Description: The file
 was deleted successfully.
 
Error - 11/14/14 6:41:55 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!RegCleanPro in File: F:\BERTA\DOWNLOADS\rcpsetup_r.exe
 by: Auto-Protect scan.  Action: Quarantine failed : Access denied.  Action Description:
 The file was left unchanged.
 
Error - 11/24/14 10:13:15 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!WS.Reputation.1 in File: c:\users\ornery\downloads\chrome_updater.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded.  Action Description: The 
file was quarantined successfully.
 
Error - 12/7/14 3:31:43 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: H:\MALWARE TOOLKIT\ComboFix.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
[ System Events ]
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
 

Thanking you in advance for the effort and time it takes to review and assist in removing malware infections.  Your help in identifying and removing this searchscope nuisance is sincerely appreciated!  


#2
Pyxis

    Trusted Helper

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your desktop.

    '32-bit'
    '64-bit'
    • Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
    • The program will initialize. Press Yes to accept the disclaimer.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Step 2

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • checkup.txt (SecurityCheck)

#3
rzrbck

    Member

  • Topic Starter

Thanks for helping me resolve this issue

Per your request,  the first Farbar Recovery info:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014
Ran by ORNERY (administrator) on SNOOPYII on 21-12-2014 00:37:10
Running from C:\Users\ORNERY\Desktop\MALWARE CLEANUP
Loaded Profile: ORNERY (Available profiles: ORNERY & DefaultAppPool)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Flux Software LLC) C:\Users\ORNERY\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [701736 2012-02-02] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [107816 2011-10-27] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [487720 2012-02-16] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2012-03-06] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [236656 2012-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [377880 2013-11-29] (CyberLink Corp.)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [f.lux] => C:\Users\ORNERY\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-12-07] (Glarysoft Ltd)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22035560 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [StartMenuX83] => C:\Program Files\Start Menu X\StartMenuX.exe [7676224 2014-11-26] (OrdinarySoft)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7676224 2014-11-26] (OrdinarySoft)
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\RunOnce: [Adobe Speed Launcher] => 1419053917
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\MountPoints2: {3d204201-348a-11e4-8254-485b3931c18e} - "Q:\PC-Installer.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\ORNERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\eilbmdnu.Default User
FF Homepage: hxxp://www.foxnews.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\searchplugins\firefox-add-ons.xml
FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\trash [2014-10-06]
FF Extension: Disconnect - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] [2014-09-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] [2014-09-04]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] [2014-09-04]
FF Extension: Ghostery - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] [2014-09-04]
FF Extension: Hola Unblocker - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] [2014-09-04]
FF Extension: NoSquint - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] [2014-09-04]
FF Extension: Disable Anti-Adblock - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2014-09-04]
FF Extension: Adblock Edge - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-09-04]
FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\eilbmdnu.Default User\Extensions\[email protected] [2014-10-06]
FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\eilbmdnu.Default User\Extensions\[email protected] [2014-10-06]
FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\eilbmdnu.Default User\Extensions\[email protected] [2014-10-18]
FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\eilbmdnu.Default User\Extensions\[email protected] [2014-10-06]
FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\eilbmdnu.Default User\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-17]
FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\eilbmdnu.Default User\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF Extension: Disable Anti-Adblock - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\eilbmdnu.Default User\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2014-10-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.foxnews.com/
CHR StartupUrls: Default -> "hxxp://www.foxnews.com/"
CHR Profile: C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-05]
CHR Extension: (Veetle) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\anmkomjokjgdndleofheimembpkhfheg [2014-09-05]
CHR Extension: (Google Docs) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-05]
CHR Extension: (Google Drive) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-05]
CHR Extension: (Adblock Plus) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-06]
CHR Extension: (Google Search) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-05]
CHR Extension: (Privacyfix) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapmpggpknigkjlcagmglikhoifepjki [2014-09-05]
CHR Extension: (Google Sheets) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-05]
CHR Extension: (Ghostery) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-05]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2014-09-05]
CHR Extension: (AutoZoom) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch [2014-09-26]
CHR Extension: (Gmail) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 123MediaStreamer; C:\Program Files (x86)\123CopyDVDPlatinum 2012\MediaStreamerService.exe [47616 2013-04-17] (Microsoft) [File not signed]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85104 2012-09-18] ()
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-11-29] (CyberLink Corp.)
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [78352 2012-09-19] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [295440 2012-09-19] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-11-29] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-11-29] (CyberLink)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 1999-12-31] (DTS)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-09-04] (Macrovision Europe Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2012-04-25] ()
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-11-12] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-11-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-11-12] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-09-04] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-09-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-10-28] (WiseCleaner.com)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-11-12] (Symantec Corporation)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2012-02-02] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [377840 2012-02-02] (CyberLink Corporation.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-15] (Glarysoft Ltd)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141219.011\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141219.001\ENG64.SYS [129752 2014-08-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141219.001\EX64.SYS [2137304 2014-08-25] (Symantec Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-14] (Cyberlink Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-11-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-11-12] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-11-12] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-11-12] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SymELAM.sys [23568 2013-11-12] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-11-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-11-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-09-04] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [92456 2013-11-12] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [146928 2012-09-19] (CyberLink Corp.)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [32456 2013-11-29] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 00:37 - 2014-12-21 00:37 - 00000000 ____D () C:\FRST
2014-12-21 00:33 - 2014-12-21 00:37 - 00000000 ____D () C:\Users\ORNERY\Desktop\MALWARE CLEANUP
2014-12-21 00:33 - 2014-12-21 00:33 - 00000000 ____D () C:\Users\ORNERY\Downloads\New folder
2014-12-19 03:48 - 2014-12-20 19:37 - 00290982 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 02:53 - 2014-12-19 02:53 - 00602112 _____ (OldTimer Tools) C:\Users\ORNERY\Desktop\OTL.exe
2014-12-19 02:39 - 2014-12-19 02:39 - 00388608 _____ (Trend Micro Inc.) C:\Users\ORNERY\Downloads\HijackThis.exe
2014-12-19 02:39 - 2014-12-19 02:39 - 00013813 _____ () C:\Users\ORNERY\Downloads\hijackthis.log
2014-12-19 02:19 - 2014-12-19 02:19 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\ORNERY\Downloads\rkill.exe
2014-12-19 02:16 - 2014-12-19 16:24 - 00000000 ____D () C:\Users\ORNERY\Documents\MALWARE TOOLKIT
2014-12-19 02:13 - 2014-12-19 02:13 - 00000000 ____D () C:\Windows\ERUNT
2014-12-19 02:12 - 2014-12-19 02:12 - 01707646 _____ (Thisisu) C:\Users\ORNERY\Downloads\JRT.exe
2014-12-19 01:55 - 2014-12-19 01:55 - 05686880 _____ (WiseCleaner.com ) C:\Users\ORNERY\Downloads\Wise_Care_365_v3.35.exe
2014-12-19 01:54 - 2014-12-19 01:54 - 07822880 _____ (TeamViewer GmbH) C:\Users\ORNERY\Downloads\TeamViewer_v10.0.36897.exe
2014-12-19 01:54 - 2014-12-19 01:54 - 05122624 _____ (Piriform Ltd) C:\Users\ORNERY\Downloads\Speccy_v1.27.703.exe
2014-12-19 01:29 - 2014-12-19 01:29 - 00000314 _____ () C:\Windows\PFRO.log
2014-12-19 00:53 - 2014-12-19 00:57 - 00688992 _____ (Swearware) C:\Users\ORNERY\Desktop\dds.com
2014-12-19 00:52 - 2014-12-19 00:56 - 00000000 ____D () C:\Users\ORNERY\Downloads\MALWARE TOOLKIT
2014-12-19 00:28 - 2014-12-19 00:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-19 00:27 - 2014-12-19 02:08 - 00000000 ____D () C:\Users\ORNERY\Desktop\mbar
2014-12-19 00:27 - 2014-12-19 00:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\ORNERY\Downloads\mbar-1.08.2.1001.exe
2014-12-18 23:59 - 2014-12-18 23:59 - 02166272 _____ () C:\Users\ORNERY\Downloads\adwcleaner_4.105.exe
2014-12-18 23:02 - 2014-12-18 23:02 - 00001155 _____ () C:\Users\ORNERY\Desktop\Aneesoft Flash Gallery Classic.lnk
2014-12-18 23:02 - 2014-12-18 23:02 - 00000000 ____D () C:\Users\ORNERY\Documents\Aneesoft Flash Gallery Classic
2014-12-18 23:02 - 2014-12-18 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aneesoft
2014-12-18 23:02 - 2014-12-18 23:02 - 00000000 ____D () C:\Program Files (x86)\Aneesoft
2014-12-18 23:01 - 2014-12-18 23:01 - 17421776 _____ (Aneesoft Corporation ) C:\Users\ORNERY\Downloads\aneesoft-flash-gallery-classic-December2014.exe
2014-12-17 05:02 - 2014-12-17 05:02 - 00001228 _____ () C:\Users\Public\Desktop\Cook'n.lnk
2014-12-17 05:02 - 2014-12-17 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVO Software Library
2014-12-17 02:34 - 2014-12-17 02:34 - 00153088 _____ () C:\Users\ORNERY\Documents\st. benedict.msg
2014-12-17 02:29 - 2014-12-17 15:22 - 00131584 ____T () C:\Users\ORNERY\Documents\Benedict cross meaning ver 1.pub
2014-12-17 01:02 - 2014-12-17 03:37 - 00000000 ____D () C:\Program Files (x86)\AOMEI Partition Assistant Pro Edition 5.6
2014-12-17 01:02 - 2014-12-17 01:02 - 00001266 _____ () C:\Users\Public\Desktop\AOMEI Partition Assistant Pro Edition 5.6.lnk
2014-12-17 01:02 - 2014-12-17 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Pro Edition 5.6
2014-12-17 01:01 - 2014-12-17 01:02 - 18598304 _____ () C:\Users\ORNERY\Downloads\AOMEIpartitionAssistantPro56.zip
2014-12-16 01:21 - 2014-12-16 01:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-12-16 01:20 - 2014-12-16 01:20 - 12335304 _____ (LightScribe) C:\Users\ORNERY\Downloads\LS_Update_1.18.27.10_.exe
2014-12-16 01:15 - 2014-12-16 01:15 - 00257798 _____ () C:\Users\ORNERY\Downloads\DVDScribeInstaller.exe
2014-12-16 01:15 - 2014-12-16 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDScribe
2014-12-16 01:15 - 2014-12-16 01:15 - 00000000 ____D () C:\Program Files (x86)\DVDScribe
2014-12-16 01:13 - 2014-12-16 01:13 - 11313456 _____ (LightScribe) C:\Users\ORNERY\Downloads\LightScribeTemplateLabeler_1.18.27.10.exe
2014-12-16 00:34 - 2014-12-16 00:40 - 00000000 ____D () C:\ProgramData\LightScribe
2014-12-15 10:20 - 2014-12-17 03:34 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\Wise Care 365
2014-12-15 10:20 - 2014-12-15 10:20 - 00001176 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-12-15 10:20 - 2014-12-15 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-12-15 10:20 - 2014-12-15 10:20 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-15 10:19 - 2014-12-15 10:19 - 05708248 _____ (WiseCleaner.com ) C:\Users\ORNERY\Downloads\WiseCare365_V3_bitsdujour.com-December2014.exe
2014-12-12 16:47 - 2014-12-12 16:47 - 00000000 ____D () C:\Users\ORNERY\Desktop\ANGEL
2014-12-12 12:05 - 2014-12-12 12:05 - 00913408 _____ (Microsoft Corporation) C:\Users\ORNERY\Downloads\mssstool64.exe
2014-12-12 12:05 - 2014-12-12 12:05 - 00913400 _____ (Microsoft Corporation) C:\Users\ORNERY\Downloads\mssstool32.exe
2014-12-12 10:27 - 2014-12-12 21:45 - 00000000 ____D () C:\Users\ORNERY\Desktop\RECOVER KEYS
2014-12-11 14:01 - 2014-12-11 14:01 - 02600440 _____ (Ashampoo GmbH & Co. KG ) C:\Users\ORNERY\Downloads\ashampoo_burning_studio_15_dl.exe
2014-12-11 12:36 - 2014-12-11 12:36 - 00367734 _____ () C:\Users\ORNERY\Downloads\MicrosoftFixit20056.mini.diagcab
2014-12-11 10:31 - 2014-12-11 10:31 - 18119856 _____ (Adobe Systems Incorporated) C:\Users\ORNERY\Downloads\Adobe_Flash_Player_(Non_IE)_v16.0.0.235.exe
2014-12-10 16:36 - 2014-12-10 16:36 - 11708609 ____N () C:\Users\ORNERY\Desktop\RCIA Liturgical Year 2014 Final Show.ppsx
2014-12-10 00:14 - 2014-12-18 23:58 - 00442880 ___SH () C:\Users\ORNERY\Downloads\Thumbs.db
2014-12-09 18:54 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 18:54 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 18:54 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 18:54 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 18:54 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 18:54 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 18:54 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 18:54 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 18:54 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 18:54 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 18:54 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 18:54 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-09 18:54 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 18:54 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 18:54 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 18:54 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-09 18:54 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 18:54 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-09 18:54 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 18:54 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 18:54 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 18:54 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 18:54 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 18:54 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 18:54 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-09 18:54 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 18:54 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 18:54 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-09 18:54 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 18:54 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-09 18:54 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 18:54 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 18:54 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 18:54 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 18:54 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 18:54 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 18:54 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 18:54 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 18:54 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 18:54 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-09 18:54 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 18:54 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 18:54 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 18:54 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-09 18:54 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-09 18:54 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-09 18:54 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-09 18:54 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-09 18:54 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-09 02:18 - 2014-12-09 16:31 - 00000000 ____D () C:\Users\ORNERY\Documents\DUPLEX
2014-12-08 16:08 - 2014-12-19 20:00 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-08 16:06 - 2014-12-08 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 16:05 - 2014-12-08 16:05 - 07654592 _____ (TeamViewer GmbH) C:\Users\ORNERY\Downloads\TeamViewer_v10.0.36244.exe
2014-12-08 16:04 - 2014-12-08 16:05 - 41353016 _____ (Dropbox, Inc.) C:\Users\ORNERY\Downloads\Dropbox_v2.10.45.exe
2014-12-08 16:04 - 2014-12-08 16:05 - 26481952 _____ (Mozilla) C:\Users\ORNERY\Downloads\Mozilla_Thunderbird_v31.3.0.exe
2014-12-08 11:35 - 2014-12-08 11:35 - 06050928 _____ (OrdinarySoft ) C:\Users\ORNERY\Downloads\StartMenuX_Setup_5_30 (1).exe
2014-12-08 11:17 - 2014-12-08 11:17 - 06050928 _____ (OrdinarySoft ) C:\Users\ORNERY\Downloads\StartMenuX_Setup_5_30.exe
2014-12-07 01:30 - 2014-12-19 03:02 - 00000000 ____D () C:\AdwCleaner
2014-12-07 01:30 - 2014-12-07 02:22 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-06 12:16 - 2014-12-06 12:16 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\Hulubulu
2014-12-06 12:16 - 2014-12-06 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer
2014-12-06 12:16 - 2014-12-06 12:16 - 00000000 ____D () C:\Program Files (x86)\Advanced Renamer
2014-12-06 12:15 - 2014-12-06 12:15 - 08429306 _____ (Hulubulu Software ) C:\Users\ORNERY\Downloads\advanced_renamer_setup.exe
2014-12-04 16:03 - 2014-12-04 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-12-04 16:03 - 2014-12-04 16:03 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-12-04 16:02 - 2014-12-04 16:02 - 65350992 _____ () C:\Users\ORNERY\Downloads\WDMyCloud_win.exe
2014-12-04 15:58 - 2014-12-04 16:03 - 00001169 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2014-12-04 15:58 - 2014-12-04 16:01 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\com.wd.WDMyCloud
2014-12-04 15:58 - 2014-12-04 15:58 - 00000204 _____ () C:\Users\ORNERY\Desktop\WD My Cloud Learning Center.url
2014-12-04 15:58 - 2014-12-04 15:58 - 00000156 _____ () C:\Users\ORNERY\Desktop\WD My Cloud Public Share.url
2014-12-04 15:58 - 2014-12-04 15:58 - 00000152 _____ () C:\Users\ORNERY\Desktop\WD My Cloud Dashboard.url
2014-12-04 15:58 - 2014-12-04 15:58 - 00000000 ____D () C:\ProgramData\Western Digital
2014-12-04 15:58 - 2014-12-04 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2014-12-04 15:58 - 2014-12-04 15:58 - 00000000 ____D () C:\ProgramData\Apple
2014-12-04 15:58 - 2014-12-04 15:58 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2014-12-04 15:58 - 2014-12-04 15:58 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-04 15:58 - 2014-12-04 15:58 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-04 15:55 - 2014-12-04 15:58 - 00000000 ____D () C:\Users\ORNERY\AppData\Local\Western Digital
2014-12-04 15:54 - 2014-12-04 15:55 - 71601392 _____ () C:\Users\ORNERY\Downloads\mc_windows_setup.exe
2014-12-04 13:41 - 2014-12-04 13:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ORNERY\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-04 01:40 - 2014-12-04 01:40 - 00002232 _____ () C:\Users\ORNERY\Desktop\CyberLink PowerDVD 12.lnk
2014-12-04 01:22 - 2014-12-04 01:23 - 167770536 _____ () C:\Users\ORNERY\Documents\PowerDVD_12.0.21513.3519_GM6_TaRe53_Patch_DVD130410-12.exe
2014-12-04 01:12 - 2014-12-04 01:14 - 162471144 _____ () C:\Users\ORNERY\Downloads\PowerDVD12.Patch.DVD120702-07.exe
2014-12-04 01:06 - 2014-12-10 10:32 - 00000000 ____D () C:\Users\ORNERY\Desktop\GIVEAWAY
2014-12-04 01:06 - 2014-12-04 01:06 - 00002056 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2014-12-04 00:44 - 2014-12-04 00:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11
2014-12-04 00:41 - 2014-12-04 00:42 - 143899184 _____ () C:\Users\ORNERY\Downloads\CL.v3318_r77447_Ul_DVD120803-02.exe
2014-12-03 02:53 - 2014-12-05 14:39 - 00000000 ____D () C:\Users\ORNERY\Documents\BILLS
2014-12-02 02:29 - 2014-12-02 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-12-02 02:29 - 2014-12-02 02:29 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-12-02 02:29 - 2014-12-02 02:29 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-12-02 02:16 - 2014-12-02 02:17 - 31577029 _____ () C:\Users\ORNERY\Downloads\AshampooSnap7.zip
2014-12-01 03:46 - 2014-12-01 03:46 - 17923760 _____ (Adobe Systems Incorporated) C:\Users\ORNERY\Downloads\Adobe_Flash_Player_(Non_IE)_v15.0.0.239.exe
2014-11-30 23:30 - 2014-11-30 23:30 - 00000000 ____D () C:\Users\ORNERY\.MakeMKV
2014-11-30 23:28 - 2014-11-30 23:28 - 06403656 _____ (GuinpinSoft inc) C:\Users\ORNERY\Downloads\Setup_MakeMKV_v1.9.0.exe
2014-11-30 23:28 - 2014-11-30 23:28 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2014-11-30 23:28 - 2014-11-30 23:28 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2014-11-30 23:25 - 2014-11-30 23:25 - 00000000 ____D () C:\ProgramData\Bling Software LTD
2014-11-30 23:08 - 2014-11-30 23:08 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDUToGo.lnk
2014-11-30 23:08 - 2014-11-30 23:08 - 00000883 _____ () C:\Users\Public\Desktop\VUDUToGo.lnk
2014-11-30 23:08 - 2014-11-30 23:08 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\com.vudu.air.Downloader
2014-11-30 23:08 - 2014-11-30 23:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-11-30 23:08 - 2014-11-30 23:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-11-30 23:08 - 2014-11-30 23:08 - 00000000 ____D () C:\Program Files (x86)\VUDUToGo
2014-11-30 23:07 - 2014-11-30 23:07 - 03523696 _____ () C:\Users\ORNERY\Downloads\VUDUToGo.exe
2014-11-29 22:54 - 2014-11-29 22:54 - 00000000 ____D () C:\Users\ORNERY\AppData\Local\VS Revo Group
2014-11-29 22:54 - 2014-11-29 22:54 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-29 22:54 - 2014-11-29 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-29 22:54 - 2014-11-29 22:54 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-29 22:54 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-29 22:53 - 2014-11-29 22:53 - 10691640 _____ (VS Revo Group ) C:\Users\ORNERY\Downloads\RevoUninProSetup.exe
2014-11-29 21:40 - 2014-11-29 21:40 - 00000165 ____H () C:\Users\ORNERY\Documents\~$Useful Words 01182013.xlsx
2014-11-26 03:56 - 2014-11-26 03:56 - 05162080 _____ (Piriform Ltd) C:\Users\ORNERY\Downloads\CCleaner_v5.00.5050.exe
2014-11-21 16:21 - 2014-11-21 16:21 - 00853427 _____ () C:\Users\ORNERY\Downloads\HDDEraseWeb.zip
2014-11-21 00:03 - 2014-11-21 00:03 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-11-21 00:02 - 2014-11-21 00:13 - 00000000 ____D () C:\ProgramData\PDVD
2014-11-21 00:02 - 2014-11-21 00:02 - 00000000 ____D () C:\Users\ORNERY\AppData\Local\MediaServer
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 00:35 - 2014-09-04 22:40 - 00000000 ____D () C:\Users\ORNERY\Documents\Outlook Files
2014-12-21 00:32 - 2014-10-18 10:21 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 00:02 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-20 20:15 - 2014-10-14 00:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 19:17 - 2014-09-04 14:33 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1209595130-3215103928-1571922239-1001
2014-12-20 04:32 - 2014-09-05 01:19 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 23:53 - 2014-09-04 14:29 - 00996724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 20:00 - 2014-09-04 16:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-19 19:50 - 2014-09-04 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-19 19:49 - 2014-09-04 20:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-19 19:49 - 2014-09-04 20:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-19 19:48 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 19:44 - 2014-09-04 16:53 - 00000352 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-12-19 19:43 - 2014-09-05 13:14 - 00091136 ___SH () C:\Users\ORNERY\Desktop\Thumbs.db
2014-12-19 16:43 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 11:34 - 2014-09-04 19:08 - 00000000 ____D () C:\Program Files (x86)\ABBYY PDF Transformer 3.0
2014-12-19 04:39 - 2014-11-10 00:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-19 03:48 - 2014-09-04 15:29 - 00023631 _____ () C:\Windows\system32\lvcoinst.log
2014-12-19 01:53 - 2014-09-04 16:53 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-12-19 01:49 - 2014-10-14 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 01:26 - 2014-09-10 20:14 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\TeamViewer
2014-12-19 01:01 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-19 00:53 - 2014-10-13 20:49 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\SpiderOak
2014-12-19 00:06 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-17 05:02 - 2014-09-04 18:18 - 00000000 ____D () C:\Users\ORNERY\AppData\Local\DVO
2014-12-17 04:20 - 2014-09-04 16:48 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\StartMenuX
2014-12-17 03:37 - 2014-09-05 16:31 - 00001024 ____H () C:\AMTAG.BIN
2014-12-16 11:57 - 2014-09-19 01:46 - 00000000 ____D () C:\Users\ORNERY\Documents\RECIPE
2014-12-16 01:24 - 2014-10-21 00:40 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-16 00:48 - 2014-09-04 18:15 - 00000000 ____D () C:\ProgramData\Temp
2014-12-16 00:48 - 2014-09-04 18:15 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-15 10:26 - 2014-09-04 17:21 - 00000000 ____D () C:\Windows\Panther
2014-12-12 19:41 - 2014-09-04 18:02 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-12 13:10 - 2014-09-04 17:29 - 00123392 _____ () C:\Users\ORNERY\Documents\Useful Words 01182013.xlsx
2014-12-12 10:27 - 2014-09-14 19:46 - 00000000 ____D () C:\Users\ORNERY\Documents\ORDERS
2014-12-11 10:29 - 2014-09-04 16:53 - 00002974 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-12-11 10:29 - 2014-09-04 16:53 - 00001108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-12-11 10:28 - 2014-10-30 00:16 - 14742952 _____ () C:\Users\ORNERY\Downloads\gup5setup.exe
2014-12-11 10:25 - 2014-09-04 16:56 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 05:28 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 16:48 - 2014-11-19 09:31 - 00000000 ____D () C:\Users\ORNERY\Documents\RCIA
2014-12-10 05:03 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 05:03 - 2013-08-22 08:44 - 00488832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-10 05:02 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 05:01 - 2014-09-21 16:32 - 00000000 ___RD () C:\Users\ORNERY\Dropbox
2014-12-10 00:14 - 2014-10-07 13:08 - 00000000 ____D () C:\Users\ORNERY\Downloads\ITBOOKS
2014-12-09 21:59 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-09 21:59 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-09 21:58 - 2014-09-04 19:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 19:02 - 2014-09-04 15:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 19:00 - 2014-09-04 15:22 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 02:09 - 2014-11-20 14:34 - 00000000 ____D () C:\Users\ORNERY\Documents\REBATES
2014-12-08 16:07 - 2014-09-04 16:55 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-08 16:07 - 2014-09-04 16:55 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\Dropbox
2014-12-08 16:06 - 2014-10-15 16:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-08 16:06 - 2014-09-04 16:54 - 00002114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-12-08 16:01 - 2014-09-04 16:48 - 00000000 ____D () C:\Program Files\Start Menu X
2014-12-08 11:19 - 2014-09-04 16:48 - 00000000 ____D () C:\ProgramData\StartMenuX
2014-12-08 11:19 - 2014-09-04 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu X
2014-12-05 04:43 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-04 13:42 - 2014-10-14 00:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-04 13:42 - 2014-09-04 14:28 - 00000000 ____D () C:\Users\ORNERY
2014-12-04 01:25 - 2014-09-04 18:18 - 00000000 ____D () C:\ProgramData\install_clap
2014-12-04 01:24 - 2014-09-04 17:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-04 01:11 - 2014-10-21 00:50 - 00000000 ____D () C:\Users\ORNERY\Documents\CyberLink
2014-12-04 01:11 - 2014-09-04 18:19 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\CyberLink
2014-12-04 01:08 - 2014-09-04 18:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2014-12-04 01:06 - 2014-09-04 18:16 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-04 01:04 - 2014-09-04 18:19 - 00000000 ____D () C:\Users\ORNERY\AppData\Local\Cyberlink
2014-12-02 14:50 - 2014-09-09 11:39 - 00000000 ____D () C:\Users\ORNERY\Documents\My Scans
2014-12-01 03:44 - 2014-10-05 05:00 - 00000000 ____D () C:\Windows\Minidump
2014-12-01 00:23 - 2014-09-04 18:20 - 00000000 ____D () C:\Program Files (x86)\123CopyDVDPlatinum 2012
2014-11-30 23:27 - 2014-09-04 18:22 - 01756657 _____ () C:\Users\ORNERY\Downloads\AddInSetup.exe
2014-11-30 23:08 - 2014-09-04 16:56 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-30 23:08 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-30 23:07 - 2014-09-04 14:28 - 00000000 ____D () C:\Users\ORNERY\AppData\Roaming\Adobe
2014-11-26 15:10 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:10 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 12:42 - 2014-09-04 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-26 03:54 - 2014-09-05 01:49 - 00000000 ____D () C:\Users\ORNERY\Documents\Cook'n Backups
2014-11-21 06:14 - 2014-10-14 00:07 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-10-14 00:07 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-10-14 00:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-20 05:30
 
==================== End Of Log ============================

#4
rzrbck

  • Topic Starter
  • Member
  • 16 posts

Farbar Additions info:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014
Ran by ORNERY at 2014-12-21 00:37:42
Running from C:\Users\ORNERY\Desktop\MALWARE CLEANUP
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Symantec Endpoint Protection (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
123CopyDVDPlatinum (HKLM-x32\...\123CopyDVDPlatinum 2012) (Version: 2012 - Bling Software Ltd.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909a (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
ABBYY PDF Transformer 3.0 (HKLM-x32\...\ABBYY PDF Transformer 3.0) (Version: 3.00.317.68010 - ABBYY)
ABBYY PDF Transformer 3.0 (Version: 3.00.317.68010 - ABBYY) Hidden
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.65 - Hulubulu Software)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Aneesoft Flash Gallery Classic (HKLM-x32\...\{714549D0-C470-4757-B10C-FB932F3C98D0}}_is1) (Version:  - Aneesoft Corporation)
AOMEI Partition Assistant Pro Edition 5.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Art Effects for PDR10 (HKLM-x32\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
Ashampoo Snap 7 v.7.0.10 (HKLM-x32\...\{C92AB6F1-9C93-0F51-ED50-15ABBCBDD142}_is1) (Version: 7.0.10 - Ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BackRex Outlook Backup Demo (HKLM-x32\...\BackRex Outlook Backup Demo) (Version: 2.9 - BackRex Software)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cook'n (HKLM-x32\...\Cook'n) (Version:  - )
Cool Record Edit Pro v8.8.3 (HKLM-x32\...\Cool Record Edit Pro_is1) (Version:  - Copyright© 2005-2014 CoolMedia, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10 - CyberLink Corp.)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.3318.57 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.2 - DivX, Inc.)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EaseUS Partition Master 10.1 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
f.lux (HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\Flux) (Version:  - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Glary Utilities PRO 5.14 (HKLM-x32\...\Glary Utilities 5) (Version: 5.14.0.27 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8500 A909 Series (HKLM\...\{49C2B7C1-A4E7-4770-8E30-255795AD4712}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LeaderTask 9.0 (HKLM-x32\...\LeaderTask_is1) (Version:  - Organizer LeaderTask LLC)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
MakeMKV v1.9.0 (HKLM-x32\...\MakeMKV) (Version: v1.9.0 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1027 - Marvell)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MPM (HKLM-x32\...\{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}) (Version: 1.00.0000 - Hewlett-Packard)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OEM Share Pack (x32 Version: 2.0 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.20 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.20.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Start Menu X version 5.30 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.30 - OrdinarySoft)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Video Rotator V1.0.9 (HKLM-x32\...\{EC0FD3E2-A241-4D37-BF16-7815EC1E7A29}_is1) (Version:  - VideoRotator.com)
Video to Picture version 5.0 (HKLM-x32\...\{3CE42A9D-F659-4FF0-87EB-A14699AB2D1C}_is1) (Version: 5.0 - watermark-software.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.1.5 - Vudu)
VUDU To Go (x32 Version: 2.1.5 - Vudu) Hidden
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Wise Care 365 3.34 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.34 - WiseCleaner.com, Inc.)
WonderFox DVD Video Converter version 7.0 (HKLM-x32\...\{278D58D4-2B08-4ABF-957C-F0A2F8A1FBB7}_is1) (Version: 7.0 - WonderFox Soft, Inc)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ORNERY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
09-12-2014 18:56:32 Windows Update
11-12-2014 12:36:45 Installed Microsoft Fix it Solution - 4E1293AF-F324-411D-BB3A-2ACF5B7A744E
15-12-2014 10:27:04 Created by Wise Care 365
16-12-2014 00:48:09 Installed Suite
16-12-2014 01:20:31 Installed LS_HSI.
19-12-2014 00:54:23 Removed SpiderOak x64
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04B5A1CE-CA12-42DB-A704-876E58AA7CFB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {123CEAD9-B89B-4632-8E0D-078740116E68} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-12-07] (Glarysoft Ltd)
Task: {8A0205B3-FE39-4DED-AA9B-8D51B6E82CB6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AC1A71E9-9B1B-4DBF-B7F7-AF837EB4463D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {B3BABBB9-2316-48FC-9F24-7427047480F4} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-03-13] (CyberLink)
Task: {CD662987-1FF5-4EF9-B00A-C92F61FFBAB9} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-12-07] (Glarysoft Ltd)
Task: {E2064A04-28E2-4622-AB43-D100E40B49BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-05] (Google Inc.)
Task: {E540E4EE-1FE2-47EE-BBA9-BFCBFA67BD35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
Task: {ED863216-AF4E-406B-B157-770D959A31C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-05] (Google Inc.)
Task: {F17CD818-DFDF-4737-9979-7209B5787BF4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-04 00:44 - 2012-09-18 03:36 - 00085104 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2014-09-04 18:25 - 2012-04-25 03:39 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-04-14 13:41 - 2014-04-14 13:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-12-04 00:44 - 2011-11-04 01:28 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll
2014-12-04 01:24 - 2013-11-29 04:09 - 00857864 _____ () C:\Program Files (x86)\CyberLink\PowerDVD12\common\UNO\UNO.dll
2014-09-04 18:26 - 2011-08-23 20:39 - 00081920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd
2014-09-04 18:26 - 2011-08-23 20:39 - 00053248 _____ () C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
2014-09-04 18:26 - 2011-08-23 20:39 - 00655360 _____ () C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
2014-12-11 04:33 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 04:33 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 04:33 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 04:33 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "InstantBurn"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "UpdatePPShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl11"
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\...\StartupApproved\Run: => "LightScribe Control Panel"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1209595130-3215103928-1571922239-500 - Administrator - Disabled)
Guest (S-1-5-21-1209595130-3215103928-1571922239-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1209595130-3215103928-1571922239-1003 - Limited - Enabled)
ORNERY (S-1-5-21-1209595130-3215103928-1571922239-1001 - Administrator - Enabled) => C:\Users\ORNERY
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 1394 OHCI Compliant Host Controller
Description: 1394 OHCI Compliant Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: 1394 OHCI Compliant Host Controller
Service: 1394ohci
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/21/2014 00:36:25 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\ORNERY\Desktop\MALWARE CLEANUP\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/21/2014 00:34:47 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\ORNERY\Desktop\MALWARE CLEANUP\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/21/2014 00:34:20 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\ORNERY\Desktop\MALWARE CLEANUP\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/20/2014 01:26:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc0000022
Fault offset: 0x000a36e5
Faulting process id: 0x1db4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (12/20/2014 11:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpqgpc01.exe, version: 130.0.14.16, time stamp: 0x49dd90d9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x07000007
Faulting process id: 0x19d4
Faulting application start time: 0xhpqgpc01.exe0
Faulting application path: hpqgpc01.exe1
Faulting module path: hpqgpc01.exe2
Report Id: hpqgpc01.exe3
Faulting package full name: hpqgpc01.exe4
Faulting package-relative application ID: hpqgpc01.exe5
 
Error: (12/20/2014 05:31:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/20/2014 05:31:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/19/2014 04:54:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/19/2014 04:54:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/19/2014 00:07:35 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
 
System errors:
=============
Error: (12/20/2014 05:31:52 AM) (Source: DCOM) (EventID: 10010) (User: SNOOPYII)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/20/2014 05:31:22 AM) (Source: DCOM) (EventID: 10010) (User: SNOOPYII)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/19/2014 07:59:11 PM) (Source: DCOM) (EventID: 10010) (User: SNOOPYII)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/19/2014 04:41:36 PM) (Source: DCOM) (EventID: 10005) (User: SNOOPYII)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/19/2014 04:41:26 PM) (Source: DCOM) (EventID: 10005) (User: SNOOPYII)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/19/2014 04:41:19 PM) (Source: DCOM) (EventID: 10005) (User: SNOOPYII)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/19/2014 04:41:19 PM) (Source: DCOM) (EventID: 10005) (User: SNOOPYII)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/19/2014 04:41:19 PM) (Source: DCOM) (EventID: 10005) (User: SNOOPYII)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/19/2014 04:41:19 PM) (Source: DCOM) (EventID: 10005) (User: SNOOPYII)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/19/2014 04:41:19 PM) (Source: DCOM) (EventID: 10005) (User: SNOOPYII)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office Sessions:
=========================
Error: (12/21/2014 00:36:25 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\ORNERY\Desktop\MALWARE CLEANUP\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/21/2014 00:34:47 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\ORNERY\Desktop\MALWARE CLEANUP\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/21/2014 00:34:20 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\ORNERY\Desktop\MALWARE CLEANUP\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/20/2014 01:26:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1741554504b0dc0000022000a36e51db401d01c8ad64f2bbdC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dll143155f6-887e-11e4-828d-485b3931c18e
 
Error: (12/20/2014 11:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpqgpc01.exe130.0.14.1649dd90d9unknown0.0.0.000000000c00000050700000719d401d01bf674ad25b9C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeunknownf87700c7-886f-11e4-828d-485b3931c18e
 
Error: (12/20/2014 05:31:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files (x86)\cyberlink\power2go8\CES_CacheAgent.exe.Manifest
 
Error: (12/20/2014 05:31:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files (x86)\cyberlink\power2go8\CES_AudioCacheAgent.exe.Manifest
 
Error: (12/19/2014 04:54:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files (x86)\cyberlink\power2go8\CES_CacheAgent.exe.Manifest
 
Error: (12/19/2014 04:54:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files (x86)\cyberlink\power2go8\CES_AudioCacheAgent.exe.Manifest
 
Error: (12/19/2014 00:07:35 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 37%
Total physical RAM: 12279.07 MB
Available physical RAM: 7723.54 MB
Total Pagefile: 24567.07 MB
Available Pagefile: 20196.96 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.47 GB) (Free:120.35 GB) NTFS
Drive d: (SGT15TB) (Fixed) (Total:1397.26 GB) (Free:528.55 GB) NTFS
Drive e: (MSTRBCKUP) (Fixed) (Total:2794.52 GB) (Free:1480.7 GB) NTFS
Drive i: (WD1500) (Fixed) (Total:1397.26 GB) (Free:387.94 GB) NTFS
Drive j: () (Fixed) (Total:931.41 GB) (Free:225.42 GB) NTFS
Drive q: (Cookn 11) (CDROM) (Total:0.45 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 376469FC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: A6DEA6DE)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: A907A907)
Partition 2: (Not Active) - (Size=1397.3 GB) - (Type=OF Extended)
 
========================================================
Disk: 3 (Size: 2794.5 GB) (Disk ID: 095CA2B8)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 4 (Size: 238.5 GB) (Disk ID: 98C4F504)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#5
rzrbck

Security check info: 

Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender               
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0) 
 Mozilla Thunderbird (31.3.0) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 WinPatrol winpatrol.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 ORNERY Desktop MALWARE CLEANUP FRST64.exe 
 ORNERY Desktop MALWARE CLEANUP SecurityCheck.exe 
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

#6
Pyxis

Hi rzrbck,

Great job keeping your applications updated! Just a little something more--please uninstall Java 7 Update 67 so no component remains vulnerable. :)
  • Step 1

    Certain programs can hinder the cleaning process. As such, I ask that you remove the below program(s) to ensure no such conflict arises:
    • SUPERAntiSpyware
    • WinPatrol
    While disabling is an option, for a more hassle-free solution, I recommend uninstalling the above program(s) through Control Panel > Add or Remove Programs (Windows XP) or Control Panel > Programs and Features > Uninstall a Program (Windows Vista & Windows 7).

    You may re-install the program(s) later once I have declared you clean.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF SearchPlugin: C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\searchplugins\firefox-add-ons.xml
    FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\trash [2014-10-06]
    FF Extension: Hola Unblocker - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] [2014-09-04]
    CHR Extension: (AutoZoom) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch [2014-09-26]
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
  • Step 3

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • JRT.txt (Junkware Removal Tool)

#7
rzrbck

Thanks for the compliment. I try to keep all updated and system is usually clean. This has been difficult to eradicate and there is not much out there on it.

#8
rzrbck

JRT Scan info:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by ORNERY on Mon 12/22/14 at 21:17:33.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
 
Successfully deleted the following from C:\Users\ORNERY\AppData\Roaming\mozilla\firefox\profiles\eilbmdnu.Default User\prefs.js
 
user_pref("extensions.disconnect.blacklist", "{\"foxnews.com\":{\"Content\":{\"Google\":true,\"Visual Revenue\":true,\"Parse.ly\":true,\"Livefyre\":true,\"Facebook\":true}},\"
user_pref("extensions.disconnect.whitelist", "{\"latimes.com\":{\"Disconnect\":{\"whitelisted\":false,\"services\":{\"Google\":true}}},\"mediafire.com\":{\"Disconnect\":{\"whi
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/22/14 at 21:24:23.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9
rzrbck

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014
Ran by ORNERY at 2014-12-22 21:15:08 Run:1
Running from C:\Users\ORNERY\Desktop
Loaded Profile: ORNERY (Available profiles: ORNERY & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1209595130-3215103928-1571922239-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF SearchPlugin: C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\searchplugins\firefox-add-ons.xml
FF Extension: No Name - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\trash [2014-10-06]
FF Extension: Hola Unblocker - C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] [2014-09-04]
CHR Extension: (AutoZoom) - C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch [2014-09-26]
 
*****************
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1209595130-3215103928-1571922239-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\searchplugins\firefox-add-ons.xml => Moved successfully.
C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\trash => Moved successfully.
C:\Users\ORNERY\AppData\Roaming\Mozilla\Firefox\Profiles\8fhkkg6b.default\Extensions\[email protected] => Moved successfully.
C:\Users\ORNERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch => Moved successfully.
 
==== End of Fixlog ====

#10
Pyxis

Hi rzrbck,

Let's see what AdwCleaner has to say now. :)
  • Step 1

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      [Screenshot: ESET Online Scan settings]

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, select List of found threats > Export to text file....
    • Press Back and put a check on the following:
      • Uninstall application on close
      • Delete quarantined files
    • Click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • AdwCleaner[S*].txt (AdwCleaner)
    • log.txt (ESET Online Scan)

#11
rzrbck

AdwCleaner info:

# AdwCleaner v4.106 - Report created 22/12/2014 at 23:09:22
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : ORNERY - SNOOPYII
# Running from : C:\Users\ORNERY\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v34.0 (x86 en-US)
-\\ Google Chrome v39.0.2171.95
*************************
AdwCleaner[R0].txt - [2282 octets] - [07/12/2014 01:30:18]
AdwCleaner[R1].txt - [2342 octets] - [07/12/2014 02:22:25]
AdwCleaner[R2].txt - [1179 octets] - [18/12/2014 23:59:30]
AdwCleaner[R3].txt - [1438 octets] - [19/12/2014 00:08:26]
AdwCleaner[R4].txt - [1194 octets] - [19/12/2014 01:26:06]
AdwCleaner[R5].txt - [1540 octets] - [19/12/2014 02:21:05]
AdwCleaner[R6].txt - [1600 octets] - [19/12/2014 03:01:57]
AdwCleaner[R7].txt - [1426 octets] - [22/12/2014 23:07:49]
AdwCleaner[S0].txt - [2441 octets] - [07/12/2014 02:38:30]
AdwCleaner[S1].txt - [1245 octets] - [19/12/2014 00:02:50]
AdwCleaner[S2].txt - [1505 octets] - [19/12/2014 01:01:44]
AdwCleaner[S3].txt - [1256 octets] - [19/12/2014 01:28:28]
AdwCleaner[S4].txt - [1347 octets] - [22/12/2014 23:09:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1407 octets] ##########

#12
Pyxis

Hi rzrbck,

Looks like it was speechless, eh?  :lol: Waiting on the ESET Online Scan log now. It may take quite a while so do not rush yourself.

Post when ready!

#13
rzrbck

Sorry for the delay; it took over 6 hours to run:

ESET log:

C:\Program Files (x86)\Cool Record Edit Pro\goup.exe Win32/Tsingsoft.A potentially unwanted application deleted - quarantined
C:\Users\ORNERY\Downloads\CCleaner_v4.18.4842.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\ORNERY\Downloads\CCleaner_v5.00.5050.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\ORNERY\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\ORNERY\Downloads\Speccy_v1.27.703.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\defragsetup.exe Win32/ELEX.AH potentially unwanted application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\gupsetup-13776.exe a variant of Win32/ELEX.AG potentially unwanted application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\rcsetup142.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\AVERY DESIGN PRO\ccsetup317.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\HDD RECOVERY\HDDGURU\HDD RECOVERY\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\HDD RECOVERY\PROGRAMS\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\HPV125\HDD RECOVERY\HDDGURU\HDD RECOVERY\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\RONSDOCS\HPV125\HDD RECOVERY\PROGRAMS\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\SNOOPYII INSTALL0N 1172012\SOFTWARE\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\SNOOPYII INSTALL0N 1172012\SOFTWARE\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
D:\IMPORTANT BACKUPS\SNOOPYII INSTALL0N 1172012\SOFTWARE\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\IMPORTANT BACKUPS\SNOOPYII INSTALL0N 1172012\SOFTWARE\spsetup119.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\AVERY\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\AVERY\DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\HDD Data Recovery\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\HDD Data Recovery\HDDGURU\HDD RECOVERY\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\MOVIES\FreeYouTubeToMp3Converter.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\UTILITIES\spsetup122.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\UTILITIES\DEFRAGGLER\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\UTILITIES\DEFRAGGLER\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\UTILITIES\DEFRAGGLER\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
D:\SOFTWAREDOWNLOADS\UTILITIES\PIRI - CCCLEANER\ccsetup315.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\UTILITIES\PIRI - CCCLEANER\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
D:\SOFTWAREDOWNLOADS\UTILITIES\PIRIFORM\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
E:\RONSDOCS\DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
E:\RONSDOCS\COMPUTERS\LangeLaptop\Downloads\spsetup123.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
E:\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\defragsetup.exe Win32/ELEX.AH potentially unwanted application deleted - quarantined
E:\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\gupsetup-13776.exe a variant of Win32/ELEX.AG potentially unwanted application deleted - quarantined
E:\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\rcsetup142.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
E:\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
E:\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
E:\RONSDOCS\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\AVERY DESIGN PRO\ccsetup317.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
E:\RONSDOCS\HDD RECOVERY\HDDGURU\HDD RECOVERY\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
E:\RONSDOCS\HDD RECOVERY\PROGRAMS\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
E:\RONSDOCS\HPV125\HDD RECOVERY\HDDGURU\HDD RECOVERY\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
E:\RONSDOCS\HPV125\HDD RECOVERY\PROGRAMS\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
E:\RONSDOCS\MEMORYY STICK\HPV125\HDD RECOVERY\HDDGURU\HDD RECOVERY\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
E:\RONSDOCS\MEMORYY STICK\HPV125\HDD RECOVERY\PROGRAMS\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
E:\RONSDOCS\SOFTWARE\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
E:\RONSDOCS\SOFTWARE\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\RONSDOCS\SOFTWARE\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\RONSDOCS\SOFTWARE\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\RONSDOCS\SOFTWARE\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\RONSDOCS\SOFTWARE\ccsetup402(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\RONSDOCS\SOFTWARE\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\RONSDOCS\SOFTWARE\spsetup121.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
I:\DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
I:\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
I:\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\defragsetup.exe Win32/ELEX.AH potentially unwanted application deleted - quarantined
I:\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\gupsetup-13776.exe a variant of Win32/ELEX.AG potentially unwanted application deleted - quarantined
I:\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\rcsetup142.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
I:\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
I:\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
I:\COMPUTERS\SNOOPY2\042012REBUILD\UTILITIES\AVERY DESIGN PRO\ccsetup317.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
I:\HDD RECOVERY\HDDGURU\HDD RECOVERY\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
I:\HDD RECOVERY\PROGRAMS\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
I:\MEMORYY STICK\HPV125\HDD RECOVERY\HDDGURU\HDD RECOVERY\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
I:\MEMORYY STICK\HPV125\HDD RECOVERY\PROGRAMS\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
I:\SONY\SNOOPYII\ORNERY12252012\ORNERY\Desktop\REINSTALLATION\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
I:\SONY\SNOOPYII\ORNERY12252012\ORNERY\Desktop\REINSTALLATION\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
I:\SONY\SNOOPYII\ORNERY12252012\ORNERY\Desktop\REINSTALLATION\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
I:\SONY\SNOOPYII\ORNERY12252012\ORNERY\Desktop\REINSTALLATION\spsetup119.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Desktop\ANGEL\DOCS\pogingangel\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Desktop\ANGEL\DOCS\pogingangel\AppData\Local\Temp\ASK1E2A.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Desktop\ANGEL\DOCS\pogingangel\AppData\Local\Temp\ASK9BE2.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Desktop\ANGEL\DOCS\pogingangel\AppData\Local\Temp\ASKE3B9.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Desktop\ANGEL\DOCS\pogingangel\AppData\Local\Temp\ietE207.tmp.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Desktop\ANGEL\DOCS\pogingangel\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Desktop\ANGEL\HDD INFO\DRIVE 1\Program Files (x86)\BitTorrentBar\tbBitT.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Desktop\ANGEL\HDD INFO\DRIVE 2\Windows 7 Ultimate (64 Bit)\Windows 7 Ultimate (64 Bit)\File Sharing Programs\Bit-Lord 1.1.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Desktop\LANGEBACKUP\LANGEREINSTL\My Documents\Downloads\cbsidlm-cbsi134-ShowPassword-SEO-75910197 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Desktop\LANGEBACKUP\LANGEREINSTL\My Documents\Downloads\cbsidlm-cbsi134-ShowPassword-SEO-75910197.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Desktop\LANGEBACKUP\SOFTWARE\PASSWORDS\cbsidlm-cbsi134-ShowPassword-SEO-75910197 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Desktop\LANGEBACKUP\SOFTWARE\PASSWORDS\cbsidlm-cbsi134-ShowPassword-SEO-75910197.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Desktop\TESTBENCH\APPLICATIONS\burnaware_free.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Desktop\TESTBENCH\WIN7\WIN7 Home Premium\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Desktop\TESTBENCH\WIN7\WIN7 Home Premium\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Documents\SOFTWARE\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Documents\SOFTWARE\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Documents\SOFTWARE\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Documents\SOFTWARE\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Documents\SOFTWARE\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Documents\SOFTWARE\ccsetup402(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Documents\SOFTWARE\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Documents\SOFTWARE\spsetup121.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Downloads\DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
J:\Users\ORNERY\Downloads\Smart_Defrag_v3.2.0.332.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
J:\Users\ORNERY\Downloads\MALWARE TOOLKIT\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

  • 0

#14
rzrbck

    Member

  • Topic Starter
  • 16 posts

A lot of the things look like remnants from helping to clean others' machines and bundled toolbars that I know, from experience, to be on the lookout for. Thank you for taking the time to help others figure things out. Is there any particular product that installs Searchscopes? In the future, I think I'm going to use my testbench to clean others' computers.


Edited by rzrbck, 23 December 2014 - 11:33 AM.

  • 0

#15
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi rzrbck,

'SearchScopes' in themselves are not bad--malware just happens to alter them. There is also an adware (SearchScope, in singular) that seemed to have named itself after it.  :lol: Your hunch is also correct--bundled toolbars and whatnot are the most common sources for the alteration.

Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are the last few steps for you to accomplish.

Remove Temporary Files with TFC by OldTimer
  • Download 'TFC by OldTimer' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click the Start button and wait for the process to complete.
    • You will be prompted to reboot. Please allow it by choosing Yes.
Remove Special Tools with DelFix by Xplode
  • Download 'DelFix by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Ensure the following options are checked:
      • Remove Disinfection Tools
      • Create Registry Backup
      • Purge System Restore
    • Press Run.
    • A log will automatically pop up. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

  • 0
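A read-only way to see which SearchScopes entries a machine carries, added here as an example and not part of the original thread or of any tool named in it. It reads the standard `DefaultScope`, `DisplayName` and `URL` values under the keys AdwCleaner reported; the `$expectedHosts` list and the `REVIEW` flag are assumptions to adjust per machine.

```powershell
# Added example: read-only listing of Internet Explorer SearchScopes entries.
# Nothing is modified; anything flagged REVIEW is for a human to look at.
$roots = @(
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes'
)

# Assumption: search hosts you expect on this machine. Edit to match.
$expectedHosts = @('www.bing.com', 'www.google.com')

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # DefaultScope on the parent key holds the GUID of the active provider.
    $parent  = Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue
    $default = if ($parent) { $parent.DefaultScope } else { $null }

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        $url   = if ($props) { $props.URL } else { $null }
        $name  = if ($props) { $props.DisplayName } else { $null }

        # Pull the host out of the search URL template, if it parses at all.
        $uri = $null
        $hostName = ''
        if ($url -and [Uri]::TryCreate([string]$url, [UriKind]::Absolute, [ref]$uri)) {
            $hostName = $uri.Host
        }

        [pscustomobject]@{
            Hive      = $root.Split(':')[0]
            Wow64     = ($root -like '*WOW6432Node*')
            Guid      = $key.PSChildName
            IsDefault = ($key.PSChildName -eq $default)
            Name      = $name
            Host      = $hostName
            # Entries with no URL, or a host outside the expected list, get flagged.
            Flag      = if ($expectedHosts -contains $hostName) { 'ok' } else { 'REVIEW' }
            Url       = $url
        }
    }
}

$report | Sort-Object Flag, Hive | Format-Table -AutoSize -Wrap
```

Running it before and after installing a bundled installer on a test bench shows which entries that installer added or repointed.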





