Infected with lots of malware [Solved]
#1
infected24
Hi, my sister was trying to search for TV episodes online and came across a website telling her to install Flash Player and upgrade the browser. She clicked OK and installed it. This ended up installing a lot of malware on the laptop. We started getting popups to scan for viruses, the home page of every browser keeps changing persistently (even after we try to change it back), and a black command prompt keeps popping up.

 

I installed Malwarebytes Anti-Malware and scanned the PC for 5 minutes, then cancelled the scan because I thought it would be better to scan in safe mode. In those 5 minutes it detected 73 objects, which were successfully quarantined. In safe mode it detected over 500, which were also quarantined. The PC seems a lot smoother now, but we're still getting the black command prompt popup, and sometimes web pages take forever to load.

 

I would appreciate it if you could take a look at the logs and clear the remaining threats. Here is the OTL log:

 

 

OTL logfile created on: 19/01/2015 7:46:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads\virusremoval
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 49.18% Memory free
7.23 Gb Paging File | 4.96 Gb Available in Paging File | 68.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 3.32 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
 
Computer Name: GSGILL | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/19 19:45:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\virusremoval\OTL.exe
PRC - [2015/01/15 15:06:21 | 001,845,472 | ---- | M] () -- C:\Users\owner\AppData\Local\GeniusBox\Client.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/19 10:35:41 | 000,707,984 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2014/11/19 10:35:26 | 000,562,576 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013/08/08 09:10:52 | 000,137,232 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013/03/12 00:20:34 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/03/12 00:20:32 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/12/04 08:22:01 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2010/07/23 03:45:06 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe
PRC - [2009/11/02 21:52:48 | 000,173,568 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XCDiffCache.exe
PRC - [2009/11/02 21:52:11 | 000,239,104 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XeService.exe
PRC - [2009/11/02 21:50:42 | 000,111,616 | ---- | M] (Sybase, Inc.) -- C:\Program Files (x86)\AClient\Bin\XcListener.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/15 15:06:21 | 001,845,472 | ---- | M] () -- C:\Users\owner\AppData\Local\GeniusBox\Client.exe
MOD - [2014/11/19 10:36:09 | 000,063,376 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2014/10/15 14:37:37 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/15 14:37:31 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/15 14:37:27 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/15 14:37:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/15 14:37:12 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/10 19:32:30 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/04/09 08:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/13 11:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/13 11:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/01/14 12:33:18 | 000,503,344 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2012/02/09 15:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2015/01/15 00:33:16 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/19 10:35:26 | 000,562,576 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2014/11/03 22:17:20 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/08 09:10:52 | 000,137,232 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2013/03/12 00:20:34 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/12 00:20:32 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/01/14 12:33:18 | 000,503,344 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV - [2012/03/06 17:08:50 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2010/07/23 03:45:06 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2009/11/02 21:52:11 | 000,239,104 | ---- | M] (Sybase, Inc.) [Auto | Running] -- C:\Program Files (x86)\AClient\Bin\XeService.exe -- (Afaria Client Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/19 19:35:37 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/01/19 19:35:32 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/11/19 10:11:19 | 000,052,592 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64-6.sys -- (vpnva)
DRV:64bit: - [2014/11/19 10:09:52 | 000,112,496 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/27 02:33:10 | 000,288,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2013/05/02 06:17:04 | 011,530,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/03/14 01:34:46 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2013/03/12 00:20:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/12/04 08:21:10 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/12/04 08:21:10 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/12/04 08:21:09 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/11/19 05:42:50 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2012/08/09 18:29:56 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/03/26 17:31:32 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/26 17:31:30 | 000,027,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012/03/09 19:41:16 | 000,685,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 23:55:24 | 014,741,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/09 15:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012/02/09 15:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011/12/06 02:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rbc.com/canada.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 C6 96 9F 93 93 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {88FF29BE-E3B7-4A2F-8B67-5B62E78E057D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{88FF29BE-E3B7-4A2F-8B67-5B62E78E057D}: "URL" = http://www.google.co...earchTerms}=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49172;https=127.0.0.1:49172;
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: c6d10446ffd84587ac59c8230189%40815dffea895e418f9d9fd8cf.com:0.95.29
FF - prefs.js..extensions.enabledAddons: %7B921265c3-88e5-40e1-8d74-df5314572900%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 05:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/09/20 10:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2015/01/19 19:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\ka5qcham.default\extensions
[2015/01/19 12:26:36 | 000,007,339 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\ka5qcham.default\extensions\{921265c3-88e5-40e1-8d74-df5314572900}.xpi
[2014/11/03 22:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/03 22:17:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KA5QCHAM.DEFAULT\EXTENSIONS\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekmcmfmgcfmahepmlihdogclgaepcpn\1.0.1_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinCheck] C:\Users\owner\AppData\Local\wincheck\wincheck.exe File not found
O4 - HKCU..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://appliedsyste...rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{278AB6FE-C62A-412A-B0CA-166FFE1BB936}: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7A97284-3CF5-4B62-BE09-36BE38E16C64}: DhcpNameServer = 64.71.255.204 64.71.255.198
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/19 19:24:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2015/01/19 19:13:33 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/19 19:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/19 19:12:31 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/01/19 19:12:31 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/01/19 19:12:31 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/01/19 19:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/01/19 19:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/01/19 19:12:13 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Programs
[2015/01/19 14:34:04 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\wincheck
[2015/01/19 14:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
[2015/01/19 14:31:38 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\GeniusBox
[2015/01/19 14:30:56 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Pro_PC_Cleaner
[2015/01/19 14:30:50 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\ProPCCleaner
[2015/01/19 14:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\819a0e1c-3061-4a00-b044-57e630e24ac8
[2015/01/19 14:28:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\globalUpdate
[2015/01/19 14:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2015/01/16 03:00:29 | 000,000,000 | ---D | C] -- C:\3b2defc90b763c7a8ee52339
[2013/09/08 18:14:37 | 000,126,976 | ---- | C] (Flexera Software LLC) -- C:\Users\owner\SetupNI.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/19 19:42:37 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/19 19:42:37 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/19 19:40:21 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/19 19:40:21 | 000,666,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/19 19:40:21 | 000,126,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/19 19:35:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/19 19:35:44 | 000,001,338 | ---- | M] () -- C:\Windows\tasks\WZMOWX.job
[2015/01/19 19:35:44 | 000,001,336 | ---- | M] () -- C:\Windows\tasks\LHHBL.job
[2015/01/19 19:35:37 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/19 19:35:32 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2015/01/19 19:35:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/19 19:35:24 | 3144,433,664 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/19 18:48:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/01/19 16:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/19 16:20:22 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/19 14:31:47 | 000,000,064 | ---- | M] () -- C:\Users\owner\AppData\Local\76ae5db4606a5d3af500eff5effa28a5
[2015/01/19 12:05:40 | 000,002,044 | -H-- | M] () -- C:\Users\owner\Documents\Default.rdp
[2015/01/04 18:39:03 | 000,000,030 | ---- | M] () -- C:\Windows\MaritimeLife.ini
[2015/01/04 18:37:57 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Manulife Diamond View.lnk
[2015/01/04 18:37:07 | 000,000,029 | ---- | M] () -- C:\Windows\MLI.INI
[2015/01/04 13:00:17 | 000,000,000 | ---- | M] () -- C:\Users\owner\Documents\Printer PDF
[2015/01/03 21:37:48 | 004,895,229 | ---- | M] () -- C:\Users\owner\Documents\GCFBCKUP [email protected]@@
[2015/01/03 14:08:41 | 000,092,837 | ---- | M] () -- C:\Users\owner\Desktop\InderjitPCmembershipcard.pdf
[2014/12/28 15:44:26 | 016,634,822 | ---- | M] () -- C:\ProgramData\RESPXpressUpdate26.zip
[2014/12/28 15:44:10 | 000,000,031 | ---- | M] () -- C:\Windows\WebUpdateSvc4.INI
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/19 18:48:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/01/19 14:31:47 | 000,000,064 | ---- | C] () -- C:\Users\owner\AppData\Local\76ae5db4606a5d3af500eff5effa28a5
[2015/01/19 14:29:22 | 000,001,336 | ---- | C] () -- C:\Windows\tasks\LHHBL.job
[2015/01/19 14:29:04 | 000,001,338 | ---- | C] () -- C:\Windows\tasks\WZMOWX.job
[2015/01/03 21:37:46 | 004,895,229 | ---- | C] () -- C:\Users\owner\Documents\GCFBCKUP [email protected]@@
[2015/01/03 14:08:41 | 000,092,837 | ---- | C] () -- C:\Users\owner\Desktop\InderjitPCmembershipcard.pdf
[2014/12/15 16:38:30 | 016,634,822 | ---- | C] () -- C:\ProgramData\RESPXpressUpdate26.zip
[2014/11/13 11:17:40 | 000,002,491 | ---- | C] () -- C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag
[2014/09/01 03:18:44 | 000,002,086 | ---- | C] () -- C:\Users\owner\AppData\Roaming\LHHBL
[2014/09/01 03:18:44 | 000,001,248 | ---- | C] () -- C:\Users\owner\AppData\Roaming\WZMOWX
[2014/08/09 18:07:54 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\{CB6E24F7-5FED-40B8-95B3-3A9380602899}
[2014/07/21 22:47:19 | 004,120,870 | ---- | C] () -- C:\ProgramData\RESPXpressUpdate20.zip
[2013/12/15 09:38:52 | 001,571,160 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2013/09/17 10:43:18 | 020,274,484 | ---- | C] () -- C:\ProgramData\RESPXpressUpdate14.zip
[2013/09/08 20:40:00 | 000,000,031 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI
[2013/09/08 20:39:48 | 000,048,652 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2013/09/08 20:39:45 | 000,000,211 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/08/19 22:12:35 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2013/08/08 09:29:04 | 000,244,984 | ---- | C] () -- C:\Windows\SysWow64\TUTIL32.DLL
[2013/08/08 09:28:45 | 000,000,391 | ---- | C] () -- C:\Windows\cq.ini
[2013/08/07 21:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\MaritimeLife.ini
[2013/08/07 19:53:39 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\MD5DLL.DLL
[2013/08/07 19:31:24 | 000,000,029 | ---- | C] () -- C:\Windows\MLI.INI
[2013/08/07 18:40:58 | 000,152,920 | R--- | C] () -- C:\Windows\Wiainst64.exe
[2013/08/07 18:32:36 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\Ssdevm.dll
[2013/08/07 13:58:43 | 000,015,787 | ---- | C] () -- C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.145843.wdl
[2013/08/07 13:45:35 | 000,766,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/07 13:19:56 | 000,013,062 | ---- | C] () -- C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.141956.wdl
[2013/08/07 13:18:41 | 000,012,583 | ---- | C] () -- C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.141841.wdl
[2013/08/07 12:25:50 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/08/07 12:25:49 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/08/07 12:25:49 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/08/07 12:25:49 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/08/01 14:08:41 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/08/01 14:08:40 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/08/01 14:08:39 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/08/01 14:08:38 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2013/02/13 11:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/15 09:39:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Samsung
[2013/08/07 13:04:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 
< End of report >

Thank you

Edited by infected24, 19 January 2015 - 07:16 PM.


#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Welcome to Geeks To Go!

 

Can you also post the Extras.txt file that is in your Downloads\virusremoval folder?



#3
infected24

    Member

  • Topic Starter
  • Member
  • 13 posts

Hi, thanks for the quick response. Here it is:

 

OTL Extras logfile created on: 19/01/2015 7:46:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads\virusremoval
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 49.18% Memory free
7.23 Gb Paging File | 4.96 Gb Available in Paging File | 68.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 3.32 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
 
Computer Name: GSGILL | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128A33B-274A-4175-9840-611983A9C0E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{05CB9DB6-752B-47AF-B05E-3E743EF88911}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C5D01A8-B073-40DE-9559-F69BDDD5DFE3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{11B6067F-C723-46AD-80C3-0DB3BB91A358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12E41D29-12A3-479D-A047-5FBD04EB246E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{163BF0AE-8F6C-4C1B-9396-0CAC76EC4BEE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20DA0E7A-5C58-4CCE-82F2-90B2B227EE28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2244723D-F79B-4BDE-A062-6DA2ED55D790}" = rport=138 | protocol=17 | dir=out | app=system |
"{248044A5-1859-49E9-A1C8-7758A1C1468C}" = lport=138 | protocol=17 | dir=in | app=system |
"{26F359B0-8773-41F7-8940-5430534395C8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{58484FEA-3568-4C29-9696-6C5CA81D1C2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59BCF530-A8CD-421E-8BE4-A3C13C9721FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{61F1AFC2-6843-431D-8C9E-77326083B861}" = lport=445 | protocol=6 | dir=in | app=system |
"{7221C8CB-DFCA-4FB6-BD41-ED6443966E10}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7590E663-4BC3-43BF-8256-E72F98F64754}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9082C048-ABAC-403A-A359-4FDEEAF7F43D}" = rport=137 | protocol=17 | dir=out | app=system |
"{A2776E87-588F-45F5-90E5-ABF9B51E9BD4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B902AD28-EE15-4215-828C-F02710B198BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF61930D-A678-4E6D-B0A9-03EBEC4D7BB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF7A48AE-3B41-4AE6-90DB-FEA94E3B6C31}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D24C9BF1-7883-4C71-A92B-F9B7FFF2DA70}" = rport=139 | protocol=6 | dir=out | app=system |
"{D6A7CC4F-D086-47A4-8AEF-7185A2E7D24F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC858822-4EE8-409E-B59F-C69C9645CBCE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07ACC75A-5C04-4910-8926-14E124E24BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{0B56EE01-EC03-4B64-86AE-576B3A7642D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{15D55F78-9853-469C-B6A5-AE03362D424F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{1747A6BC-5C9F-4D11-B4AA-D36CF2D8F79A}" = protocol=58 | dir=out | [email protected],-28546 |
"{24DB7DB4-4F9F-4BF2-8299-FBFBA3CAC3C5}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\slm287x\scnsearch\usdagent.exe |
"{35EEACF6-7218-4BCE-9B91-0F2CFFE34773}" = protocol=17 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{3644FC16-541A-4F87-8EC0-3570729AFEDA}" = protocol=6 | dir=out | app=system |
"{3E5B7B9F-8846-4227-8973-9F98BDDA79B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{46BCA239-8DEE-4788-8AF9-D7022E06DAF2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{4C172997-6C79-4D3A-BE3A-D1386F3E2256}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4D545DF1-3E8B-47D3-959A-E627C49F6229}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{59D6686F-8BEF-4912-B5FB-57CC9A103CA0}" = protocol=1 | dir=out | [email protected],-28544 |
"{5D644C3B-B94F-49A6-9434-63B994017EBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6588A297-9AB4-448F-B208-EB86BE2097F7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{67EEE3F2-388D-4261-BDD5-621C048F0FB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6A3C144C-3ACD-47F7-A1F4-0F502DBB7E54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6CD77FF0-71AB-4BBE-8869-3EC161F87F96}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{840E6C6A-5323-42AB-9133-F5E2BE747DDE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8BAB4D6F-509A-45F6-AC56-CCAC36A97455}" = protocol=6 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{8E355B30-260B-4E1D-BCB6-6C8BCC33D65D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe |
"{8E3DF9D6-9453-4448-90C5-148DD39F0FF4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90B02FB8-1B9F-41CA-8609-523E26D2A2F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97F1E70A-D1D0-432C-8BFA-59D6D513D299}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{A3930F29-318A-45ED-945D-937088344E71}" = protocol=17 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{A51C4772-2FEA-4CE3-AA44-47F2733EF1D5}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{A6C521FB-8BF3-475C-A100-CA032D7E3A48}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{A902D064-545C-4D0C-BF26-14C644F5096E}" = protocol=1 | dir=in | [email protected],-28543 |
"{AC2422B0-06D1-42E5-8777-6E928473AF11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B381FE10-2D43-4C39-B86E-AD6FDAD65A33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1537068-57D1-4EFC-8E36-306EDFE9E02C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB5FBCED-6134-458E-B81A-6D089C82AE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe |
"{CC30219D-037B-4971-98BC-82EF0A8EA283}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE1F6E3-4E65-40AE-8F33-E00F0457412A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D50212C9-106E-4F7A-ACEE-FFAA6681A08D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9D642DC-F199-47D9-9975-404634250168}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{DAF9E200-A4DD-4DA4-8B89-D7AC9C3C6A26}" = protocol=58 | dir=in | [email protected],-28545 |
"{DB6BAC94-7FE9-4014-8954-3B69914EA42C}" = protocol=6 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{E20C386D-C005-4C7F-8CEE-EA3CEDF16428}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\slm287x\scnsearch\usdagent.exe |
"{E239CDFD-45E2-446B-A104-BAE8FD15A12A}" = dir=in | app=d:\setup.exe |
"{E5747608-C995-425C-A79A-15858BF6C184}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8C203AD-BDAE-432F-A51F-E2FFE52B5CB0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{E9395C88-3180-438D-A9A9-0C74C276316F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{E9C756CB-3FEB-4E78-A229-E8F7ECB4F76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7BBD826-1465-48EA-ACE3-9880B01EB297}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{F8800080-684E-49E5-875B-E14BCEBA9D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{FDBA547E-8E2E-4BE1-A783-A52E47DAFE93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEB64A3C-9AF6-4A89-9317-524C630234F9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"TCP Query User{BE785E78-885C-4167-A42C-C6EC7CBD8600}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe |
"UDP Query User{B31EBB86-6965-4281-91EF-3884B400FC40}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel® Smart Connect Technology 2.0 x64
"1BB1D7EBACC1BCD1A82C621E1E0BC9B313978951" = Windows Driver Package - Realtek Semiconduct Corp. (RSP2STOR) MTD  (05/27/2013 6.2.9200.29065)
"CA4C707033E6E6839178C28396E96859A3F62C5A" = Windows Driver Package - Intel (ISCT) System  (11/19/2012 1.0.8.0)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010F1EA0-301A-415C-8720-4DF374A810AC}" = GWL Illustrator Config
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04956D2A-B448-4031-89B3-2233199BEDE3}" = Manulife - Level Gold Investment Account - MLLG
"{069B9E08-FF56-45FB-896A-0D7DA894D906}" = Interface
"{0F1D290F-2EF5-4A39-8882-1B28E4B0E421}" = Manulife - Launcher
"{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}" = Manulife - Synergy / Manuvie - Synergie
"{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}" = Manulife - Insure Right / Manuvie - Bien s'assurer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D94A366-64BF-48A1-B86E-BA476C6B616D}" = GWL Illustrator
"{1FB0C2BE-F1C8-4468-A869-BD16A1D11635}" = Interface
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2AE741C4-8076-4FD4-905E-EB2D22389397}" = Interface
"{308FB486-5CAE-4E6E-893D-D63B080148CD}" = Manulife - Term
"{31E7ACDD-E3E1-4F62-BF05-BDB7F06CFBC3}" = Manulife Financial - Health and Dental
"{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
"{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}" = Manulife - Concepts
"{43FC59FF-0EBF-43D6-8E97-CDE47F1CCE4F}" = GWL Illustrator Par
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF2CAE2-CEC4-4D44-8B6A-569397447B8A}" = Manulife - YRT Gold Investment Account - MLYG
"{5D95EE8F-0063-4239-8B12-DF3BD6E5E775}" = Interface Suite - Industrial Alliance
"{64B54493-BC68-4D6F-B9EB-214E74CC0647}" = Concourse 1.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{70867522-4CC7-4BAD-8EBC-048B18807D4D}" = Manulife - Concept slideshows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73CE5546-7C57-4A6C-8E57-FC1DE455677C}" = GWL Illustrator Term Config
"{73FB74CA-65C1-45EA-BA04-610679B88DB8}" = Interface
"{7BB2FA8A-3928-47E1-8134-69788367EA8E}" = GWL Illustrator Par Config
"{7C222DD9-097A-4E53-B8BD-883B68D9537A}" = Cisco AnyConnect Secure Mobility Client
"{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML
"{8584238F-0A65-4C3C-A418-99AA83D6AE29}" = RESPXpress
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{956BE19D-1540-4B0E-B3FA-855BD4AC0DC8}" = FNCInstaller
"{95A6F1EB-281E-4613-A7B6-56515A9972C0}" = Manulife - Universal Life
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1A9956A-56A2-4933-A4F0-CC236790CC29}" = Diamond View Launcher
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator
"{BDE84496-A26C-4575-BD6C-6FD04CA852D2}" = Adobe Acrobat Reader 7.03
"{C45C544E-5047-11D9-8216-00B0D075DF5C}" = Diamond View Launcher
"{CDB131D2-E9C0-40E2-9D9E-4E1ADB1B1820}" = Canada Life Reference Material 14.3
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}" = Manulife - Personal Accident/Personal Accident
"{E6D6B0DB-6D17-4DFC-B5B3-E9DB7861EB7F}" = ZoomExpressKeyView14.3
"{E96C8E3B-C2A8-4DCF-BD5D-AEEBBB55EB7A}" = Interface
"{EC40A6DF-F660-4FD7-ACA5-20D98B032124}" = GWL Illustrator Term
"{F04F0485-8587-4EE6-9693-29F0ABFD26F1}" = Manulife - Living Benefits
"{F094278F-F192-4AA4-A918-9405B8620859}" = CL Sales Strategies 11.3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F153B63A-2894-471E-857E-A64550B03F77}" = Concourse 2.3 - Content
"{F746658F-170C-41F0-AD5B-DFFB74833AF8}" = Manulife - Performax Gold - Performax Or - MLPG
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Afaria Client" = Afaria Client
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Easy Wireless Setup" = Samsung Easy Wireless Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GeniusBox" = GeniusBox 2.0
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Samsung Easy Document Creator" = Samsung Easy Document Creator
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung M267x 287x Series" = Samsung M267x 287x Series
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Scan Process Machine" = Samsung Scan Process Machine
"View User Guide" = View User's Guide
"wincheck" = WinCheck
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20/10/2014 12:16:50 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 12:16:50 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 12:16:51 PM | Computer Name = GSGILL | Source = WinMgmt | ID = 10
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:39 PM | Computer Name = GSGILL | Source = WinMgmt | ID = 10
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
[ Cisco AnyConnect Network Access Manager Events ]
Error - 23/11/2014 6:23:55 PM | Computer Name = GSGILL | Source = NAMUI | ID = 67115867
Description = 0: GSGILL: Nov 23 2014 17:23:55.110 +0500: %NAMUI-3-ERROR_MSG: %[tid=4132]:
 NAM API (AdapterList): Unexpected multiple mediaTypes in one linkStateNotification
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 136: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 138: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 140: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 142: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4224]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 150: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=5112]:
 Internal error 11, contact software manufacturer
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1749 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1384 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
Error - 19/01/2015 8:44:31 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1586 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391704
 (0xFE210028) Description: CERTIFICATE_ERROR_VERIFY_SERVERCERT_FAILED_ASKUSER:Server
 certificate verification failed, and the error was an askuser error server name:
 206.47.156.165
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::postConnectProcessing File: .\IPC\SocketTransport.cpp
Line:
 1867 Invoked Function: ::WSAConnect Return Code: 10061 (0x0000274D) Description: No
 connection could be made because the target machine actively refused it.  
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1355 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31588340 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 304 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1749 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1384 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
[ Cisco AnyConnect Web Security Module Events ]
Error - 23/11/2014 7:52:47 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006804B0 | Connection : Failed to connect externally.
 Code : 10060
 
Error - 23/11/2014 7:53:03 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006AF468 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:03 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006804B0 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:04 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00682360 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:07 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00682390 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Failed to connect to 72.163.1.80:80.
 Code : 10060
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Caught exception. Code : 10060
 
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Failed to connect externally.
 Code : 10060
 
Error - 23/11/2014 7:53:40 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00631E18 | License : One or more of the License/Public
 Key can't be NULL
 
Error - 23/11/2014 7:53:40 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00631E18 | SSLExt : Failed to get ScanSafe headers
 
[ System Events ]
Error - 19/01/2015 8:24:55 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:34:49 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:35:32 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 19/01/2015 8:37:33 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7000
Description = The globalUpdate Update Service (globalUpdate) service failed to start
 due to the following error:   %%2
 
 
< End of report >

#4
infected24 (Topic Starter)

Hi, thanks for the quick response. Here it is:

 

OTL Extras logfile created on: 19/01/2015 7:46:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads\virusremoval
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 49.18% Memory free
7.23 Gb Paging File | 4.96 Gb Available in Paging File | 68.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 3.32 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
 
Computer Name: GSGILL | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128A33B-274A-4175-9840-611983A9C0E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{05CB9DB6-752B-47AF-B05E-3E743EF88911}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C5D01A8-B073-40DE-9559-F69BDDD5DFE3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{11B6067F-C723-46AD-80C3-0DB3BB91A358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12E41D29-12A3-479D-A047-5FBD04EB246E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{163BF0AE-8F6C-4C1B-9396-0CAC76EC4BEE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20DA0E7A-5C58-4CCE-82F2-90B2B227EE28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2244723D-F79B-4BDE-A062-6DA2ED55D790}" = rport=138 | protocol=17 | dir=out | app=system |
"{248044A5-1859-49E9-A1C8-7758A1C1468C}" = lport=138 | protocol=17 | dir=in | app=system |
"{26F359B0-8773-41F7-8940-5430534395C8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{58484FEA-3568-4C29-9696-6C5CA81D1C2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59BCF530-A8CD-421E-8BE4-A3C13C9721FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{61F1AFC2-6843-431D-8C9E-77326083B861}" = lport=445 | protocol=6 | dir=in | app=system |
"{7221C8CB-DFCA-4FB6-BD41-ED6443966E10}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7590E663-4BC3-43BF-8256-E72F98F64754}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9082C048-ABAC-403A-A359-4FDEEAF7F43D}" = rport=137 | protocol=17 | dir=out | app=system |
"{A2776E87-588F-45F5-90E5-ABF9B51E9BD4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B902AD28-EE15-4215-828C-F02710B198BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF61930D-A678-4E6D-B0A9-03EBEC4D7BB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF7A48AE-3B41-4AE6-90DB-FEA94E3B6C31}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D24C9BF1-7883-4C71-A92B-F9B7FFF2DA70}" = rport=139 | protocol=6 | dir=out | app=system |
"{D6A7CC4F-D086-47A4-8AEF-7185A2E7D24F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC858822-4EE8-409E-B59F-C69C9645CBCE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07ACC75A-5C04-4910-8926-14E124E24BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{0B56EE01-EC03-4B64-86AE-576B3A7642D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{15D55F78-9853-469C-B6A5-AE03362D424F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{1747A6BC-5C9F-4D11-B4AA-D36CF2D8F79A}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{24DB7DB4-4F9F-4BF2-8299-FBFBA3CAC3C5}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\slm287x\scnsearch\usdagent.exe |
"{35EEACF6-7218-4BCE-9B91-0F2CFFE34773}" = protocol=17 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{3644FC16-541A-4F87-8EC0-3570729AFEDA}" = protocol=6 | dir=out | app=system |
"{3E5B7B9F-8846-4227-8973-9F98BDDA79B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{46BCA239-8DEE-4788-8AF9-D7022E06DAF2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{4C172997-6C79-4D3A-BE3A-D1386F3E2256}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4D545DF1-3E8B-47D3-959A-E627C49F6229}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{59D6686F-8BEF-4912-B5FB-57CC9A103CA0}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{5D644C3B-B94F-49A6-9434-63B994017EBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6588A297-9AB4-448F-B208-EB86BE2097F7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{67EEE3F2-388D-4261-BDD5-621C048F0FB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6A3C144C-3ACD-47F7-A1F4-0F502DBB7E54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6CD77FF0-71AB-4BBE-8869-3EC161F87F96}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{840E6C6A-5323-42AB-9133-F5E2BE747DDE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8BAB4D6F-509A-45F6-AC56-CCAC36A97455}" = protocol=6 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{8E355B30-260B-4E1D-BCB6-6C8BCC33D65D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe |
"{8E3DF9D6-9453-4448-90C5-148DD39F0FF4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90B02FB8-1B9F-41CA-8609-523E26D2A2F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97F1E70A-D1D0-432C-8BFA-59D6D513D299}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{A3930F29-318A-45ED-945D-937088344E71}" = protocol=17 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{A51C4772-2FEA-4CE3-AA44-47F2733EF1D5}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{A6C521FB-8BF3-475C-A100-CA032D7E3A48}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{A902D064-545C-4D0C-BF26-14C644F5096E}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{AC2422B0-06D1-42E5-8777-6E928473AF11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B381FE10-2D43-4C39-B86E-AD6FDAD65A33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1537068-57D1-4EFC-8E36-306EDFE9E02C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB5FBCED-6134-458E-B81A-6D089C82AE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe |
"{CC30219D-037B-4971-98BC-82EF0A8EA283}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE1F6E3-4E65-40AE-8F33-E00F0457412A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D50212C9-106E-4F7A-ACEE-FFAA6681A08D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9D642DC-F199-47D9-9975-404634250168}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{DAF9E200-A4DD-4DA4-8B89-D7AC9C3C6A26}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{DB6BAC94-7FE9-4014-8954-3B69914EA42C}" = protocol=6 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{E20C386D-C005-4C7F-8CEE-EA3CEDF16428}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\slm287x\scnsearch\usdagent.exe |
"{E239CDFD-45E2-446B-A104-BAE8FD15A12A}" = dir=in | app=d:\setup.exe |
"{E5747608-C995-425C-A79A-15858BF6C184}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8C203AD-BDAE-432F-A51F-E2FFE52B5CB0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{E9395C88-3180-438D-A9A9-0C74C276316F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{E9C756CB-3FEB-4E78-A229-E8F7ECB4F76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7BBD826-1465-48EA-ACE3-9880B01EB297}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{F8800080-684E-49E5-875B-E14BCEBA9D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{FDBA547E-8E2E-4BE1-A783-A52E47DAFE93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEB64A3C-9AF6-4A89-9317-524C630234F9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"TCP Query User{BE785E78-885C-4167-A42C-C6EC7CBD8600}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe |
"UDP Query User{B31EBB86-6965-4281-91EF-3884B400FC40}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel® Smart Connect Technology 2.0 x64
"1BB1D7EBACC1BCD1A82C621E1E0BC9B313978951" = Windows Driver Package - Realtek Semiconduct Corp. (RSP2STOR) MTD  (05/27/2013 6.2.9200.29065)
"CA4C707033E6E6839178C28396E96859A3F62C5A" = Windows Driver Package - Intel (ISCT) System  (11/19/2012 1.0.8.0)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010F1EA0-301A-415C-8720-4DF374A810AC}" = GWL Illustrator Config
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04956D2A-B448-4031-89B3-2233199BEDE3}" = Manulife - Level Gold Investment Account - MLLG
"{069B9E08-FF56-45FB-896A-0D7DA894D906}" = Interface
"{0F1D290F-2EF5-4A39-8882-1B28E4B0E421}" = Manulife - Launcher
"{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}" = Manulife - Synergy / Manuvie - Synergie
"{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}" = Manulife - Insure Right / Manuvie - Bien s'assurer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D94A366-64BF-48A1-B86E-BA476C6B616D}" = GWL Illustrator
"{1FB0C2BE-F1C8-4468-A869-BD16A1D11635}" = Interface
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2AE741C4-8076-4FD4-905E-EB2D22389397}" = Interface
"{308FB486-5CAE-4E6E-893D-D63B080148CD}" = Manulife - Term
"{31E7ACDD-E3E1-4F62-BF05-BDB7F06CFBC3}" = Manulife Financial - Health and Dental
"{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
"{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}" = Manulife - Concepts
"{43FC59FF-0EBF-43D6-8E97-CDE47F1CCE4F}" = GWL Illustrator Par
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF2CAE2-CEC4-4D44-8B6A-569397447B8A}" = Manulife - YRT Gold Investment Account - MLYG
"{5D95EE8F-0063-4239-8B12-DF3BD6E5E775}" = Interface Suite - Industrial Alliance
"{64B54493-BC68-4D6F-B9EB-214E74CC0647}" = Concourse 1.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{70867522-4CC7-4BAD-8EBC-048B18807D4D}" = Manulife - Concept slideshows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73CE5546-7C57-4A6C-8E57-FC1DE455677C}" = GWL Illustrator Term Config
"{73FB74CA-65C1-45EA-BA04-610679B88DB8}" = Interface
"{7BB2FA8A-3928-47E1-8134-69788367EA8E}" = GWL Illustrator Par Config
"{7C222DD9-097A-4E53-B8BD-883B68D9537A}" = Cisco AnyConnect Secure Mobility Client
"{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML
"{8584238F-0A65-4C3C-A418-99AA83D6AE29}" = RESPXpress
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{956BE19D-1540-4B0E-B3FA-855BD4AC0DC8}" = FNCInstaller
"{95A6F1EB-281E-4613-A7B6-56515A9972C0}" = Manulife - Universal Life
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1A9956A-56A2-4933-A4F0-CC236790CC29}" = Diamond View Launcher
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator
"{BDE84496-A26C-4575-BD6C-6FD04CA852D2}" = Adobe Acrobat Reader 7.03
"{C45C544E-5047-11D9-8216-00B0D075DF5C}" = Diamond View Launcher
"{CDB131D2-E9C0-40E2-9D9E-4E1ADB1B1820}" = Canada Life Reference Material 14.3
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}" = Manulife - Personal Accident/Personal Accident
"{E6D6B0DB-6D17-4DFC-B5B3-E9DB7861EB7F}" = ZoomExpressKeyView14.3
"{E96C8E3B-C2A8-4DCF-BD5D-AEEBBB55EB7A}" = Interface
"{EC40A6DF-F660-4FD7-ACA5-20D98B032124}" = GWL Illustrator Term
"{F04F0485-8587-4EE6-9693-29F0ABFD26F1}" = Manulife - Living Benefits
"{F094278F-F192-4AA4-A918-9405B8620859}" = CL Sales Strategies 11.3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F153B63A-2894-471E-857E-A64550B03F77}" = Concourse 2.3 - Content
"{F746658F-170C-41F0-AD5B-DFFB74833AF8}" = Manulife - Performax Gold - Performax Or - MLPG
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Afaria Client" = Afaria Client
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Easy Wireless Setup" = Samsung Easy Wireless Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GeniusBox" = GeniusBox 2.0
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Samsung Easy Document Creator" = Samsung Easy Document Creator
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung M267x 287x Series" = Samsung M267x 287x Series
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Scan Process Machine" = Samsung Scan Process Machine
"View User Guide" = View User's Guide
"wincheck" = WinCheck
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20/10/2014 12:16:50 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 12:16:50 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 12:16:51 PM | Computer Name = GSGILL | Source = WinMgmt | ID = 10
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:39 PM | Computer Name = GSGILL | Source = WinMgmt | ID = 10
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
[ Cisco AnyConnect Network Access Manager Events ]
Error - 23/11/2014 6:23:55 PM | Computer Name = GSGILL | Source = NAMUI | ID = 67115867
Description = 0: GSGILL: Nov 23 2014 17:23:55.110 +0500: %NAMUI-3-ERROR_MSG: %[tid=4132]:
 NAM API (AdapterList): Unexpected multiple mediaTypes in one linkStateNotification
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 136: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 138: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 140: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 142: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4224]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 150: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=5112]:
 Internal error 11, contact software manufacturer
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1749 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1384 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
Error - 19/01/2015 8:44:31 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1586 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391704
 (0xFE210028) Description: CERTIFICATE_ERROR_VERIFY_SERVERCERT_FAILED_ASKUSER:Server
 certificate verification failed, and the error was an askuser error server name:
 206.47.156.165
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::postConnectProcessing File: .\IPC\SocketTransport.cpp
Line:
 1867 Invoked Function: ::WSAConnect Return Code: 10061 (0x0000274D) Description: No
 connection could be made because the target machine actively refused it.  
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1355 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31588340 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 304 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1749 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1384 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
[ Cisco AnyConnect Web Security Module Events ]
Error - 23/11/2014 7:52:47 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006804B0 | Connection : Failed to connect externally.
 Code : 10060
 
Error - 23/11/2014 7:53:03 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006AF468 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:03 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006804B0 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:04 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00682360 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:07 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00682390 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Failed to connect to 72.163.1.80:80.
 Code : 10060
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Caught exception. Code : 10060
 
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Failed to connect externally.
 Code : 10060
 
Error - 23/11/2014 7:53:40 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00631E18 | License : One or more of the License/Public
 Key can't be NULL
 
Error - 23/11/2014 7:53:40 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00631E18 | SSLExt : Failed to get ScanSafe headers
 
[ System Events ]
Error - 19/01/2015 8:24:55 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:34:49 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:35:32 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 19/01/2015 8:37:33 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7000
Description = The globalUpdate Update Service (globalUpdate) service failed to start
 due to the following error:   %%2
 
 
< End of report >
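
The two things a responder would pull out of the logs in this thread are the firewall rules that admit `c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe` (in the OTL Extras log in the next post) and the Service Control Manager 7000 error above for the globalUpdate service. The following is an added example, not OTL's own code and not anything the poster ran: two checks over the text of an OTL Extras log, one that flags firewall rules whose `app=` path lies in a user-writable directory and one that compares the "Shell Spawning" associations against the Windows 7 defaults. The function names, the `SUSPICIOUS_DIRS` list and the hijacked `loader.exe` line are this example's own assumptions; the sample lines are excerpted from the posted log except where marked as constructed.

```python
"""Triage checks over the text of an OTL Extras log (added example, not
part of the thread): flag firewall rules whose program lives in a
user-writable directory, and verify that the shell-spawning (file
association) commands still have their Windows 7 defaults."""
import re

# Windows 7 defaults for the associations OTL lists under "Shell Spawning".
# A loader that hijacks one of these is executed every time a file of that
# type is opened, so any deviation from the default deserves a look.
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Path fragments (lower-cased) that an installed program should not be
# running from. The list is this example's choice, not an OTL feature.
SUSPICIOUS_DIRS = (
    ("\\appdata\\local\\temp\\", "user temp directory"),
    ("\\windows\\temp\\", "system temp directory"),
    ("\\users\\public\\", "shared user-writable directory"),
    ("\\programdata\\", "user-writable data directory"),
    ("\\$recycle.bin\\", "recycle bin"),
)

SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
APP_RE = re.compile(r"\bapp=([^|]+?)\s*\|")
# Windows names rules created from its own "Allow access" prompt this way.
QUERY_USER_RE = re.compile(r'^"(?:TCP|UDP) Query User\{')


def check_shell_spawning(log_text):
    """Return (file type, verb, actual command, expected command) for every
    listed association whose command differs from the known default."""
    findings = []
    for line in log_text.splitlines():
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        key, actual = (m.group(1), m.group(2)), m.group(3).strip()
        if key in EXPECTED_SHELL and actual != EXPECTED_SHELL[key]:
            findings.append((key[0], key[1], actual, EXPECTED_SHELL[key]))
    return findings


def check_firewall_rules(log_text):
    """Return (program path, reasons) for firewall rules whose app= path is
    in a user-writable location. A rule named 'Query User' was created
    when someone clicked Allow on the firewall prompt, which means the
    program tried to accept inbound connections."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = APP_RE.search(line)
        if not m:
            continue
        path = m.group(1).strip().lower()
        reasons = [why for frag, why in SUSPICIOUS_DIRS if frag in path]
        if reasons and QUERY_USER_RE.match(line):
            reasons.append("rule created from the firewall Allow prompt")
        if reasons:
            findings.append((path, reasons))
    return findings


# Lines excerpted from the OTL Extras log posted in this thread.
SAMPLE_LOG = r'''
========== Shell Spawning ==========
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
========== Vista Active Application Exception List ==========
"{26F359B0-8773-41F7-8940-5430534395C8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{E239CDFD-45E2-446B-A104-BAE8FD15A12A}" = dir=in | app=d:\setup.exe |
"TCP Query User{BE785E78-885C-4167-A42C-C6EC7CBD8600}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe |
"UDP Query User{B31EBB86-6965-4281-91EF-3884B400FC40}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe |
'''

# Constructed line (not from the thread): a hijacked exefile association in
# which a hypothetical loader.exe wraps every .exe launch.
HIJACKED_SAMPLE = r'''
exefile [open] -- "C:\Users\owner\AppData\Roaming\loader.exe" "%1" %*
'''

if __name__ == "__main__":
    for path, why in check_firewall_rules(SAMPLE_LOG):
        print("firewall:", path, "->", "; ".join(why))
    for ftype, verb, actual, expected in check_shell_spawning(HIJACKED_SAMPLE):
        print(f"shell: {ftype} [{verb}] is {actual!r}, expected {expected!r}")
```

Run against the posted log, the shell-spawning check comes back clean (the `exefile`, `batfile`, `comfile`, `piffile` and `scrfile` handlers are all at their defaults) and the firewall check returns the two `yrvuor.exe` rules: a program under `%TEMP%` that asked for, and was granted, inbound TCP and UDP access. The quarantine may have removed the binary, but the rules and whatever created them still need to be cleaned up. The System Events entry above, Service Control Manager 7000 for the globalUpdate service with `%%2` (Win32 error 2, ERROR_FILE_NOT_FOUND), is the same pattern from the other side: a service registration that survived after its executable was removed.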

#5 infected24 (Topic Starter, Member, 13 posts)

Hi, thanks for the quick response. I've been trying to post this for 20 minutes; pages are loading very slowly. Third attempt, here it is:

 

OTL Extras logfile created on: 19/01/2015 7:46:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads\virusremoval
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 49.18% Memory free
7.23 Gb Paging File | 4.96 Gb Available in Paging File | 68.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 3.32 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
 
Computer Name: GSGILL | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128A33B-274A-4175-9840-611983A9C0E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{05CB9DB6-752B-47AF-B05E-3E743EF88911}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C5D01A8-B073-40DE-9559-F69BDDD5DFE3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{11B6067F-C723-46AD-80C3-0DB3BB91A358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12E41D29-12A3-479D-A047-5FBD04EB246E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{163BF0AE-8F6C-4C1B-9396-0CAC76EC4BEE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20DA0E7A-5C58-4CCE-82F2-90B2B227EE28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2244723D-F79B-4BDE-A062-6DA2ED55D790}" = rport=138 | protocol=17 | dir=out | app=system |
"{248044A5-1859-49E9-A1C8-7758A1C1468C}" = lport=138 | protocol=17 | dir=in | app=system |
"{26F359B0-8773-41F7-8940-5430534395C8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{58484FEA-3568-4C29-9696-6C5CA81D1C2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59BCF530-A8CD-421E-8BE4-A3C13C9721FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{61F1AFC2-6843-431D-8C9E-77326083B861}" = lport=445 | protocol=6 | dir=in | app=system |
"{7221C8CB-DFCA-4FB6-BD41-ED6443966E10}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7590E663-4BC3-43BF-8256-E72F98F64754}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9082C048-ABAC-403A-A359-4FDEEAF7F43D}" = rport=137 | protocol=17 | dir=out | app=system |
"{A2776E87-588F-45F5-90E5-ABF9B51E9BD4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B902AD28-EE15-4215-828C-F02710B198BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF61930D-A678-4E6D-B0A9-03EBEC4D7BB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF7A48AE-3B41-4AE6-90DB-FEA94E3B6C31}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D24C9BF1-7883-4C71-A92B-F9B7FFF2DA70}" = rport=139 | protocol=6 | dir=out | app=system |
"{D6A7CC4F-D086-47A4-8AEF-7185A2E7D24F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC858822-4EE8-409E-B59F-C69C9645CBCE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07ACC75A-5C04-4910-8926-14E124E24BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{0B56EE01-EC03-4B64-86AE-576B3A7642D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{15D55F78-9853-469C-B6A5-AE03362D424F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{1747A6BC-5C9F-4D11-B4AA-D36CF2D8F79A}" = protocol=58 | dir=out | [email protected],-28546 |
"{24DB7DB4-4F9F-4BF2-8299-FBFBA3CAC3C5}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\slm287x\scnsearch\usdagent.exe |
"{35EEACF6-7218-4BCE-9B91-0F2CFFE34773}" = protocol=17 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{3644FC16-541A-4F87-8EC0-3570729AFEDA}" = protocol=6 | dir=out | app=system |
"{3E5B7B9F-8846-4227-8973-9F98BDDA79B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{46BCA239-8DEE-4788-8AF9-D7022E06DAF2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{4C172997-6C79-4D3A-BE3A-D1386F3E2256}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4D545DF1-3E8B-47D3-959A-E627C49F6229}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{59D6686F-8BEF-4912-B5FB-57CC9A103CA0}" = protocol=1 | dir=out | [email protected],-28544 |
"{5D644C3B-B94F-49A6-9434-63B994017EBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6588A297-9AB4-448F-B208-EB86BE2097F7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{67EEE3F2-388D-4261-BDD5-621C048F0FB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6A3C144C-3ACD-47F7-A1F4-0F502DBB7E54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6CD77FF0-71AB-4BBE-8869-3EC161F87F96}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{840E6C6A-5323-42AB-9133-F5E2BE747DDE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8BAB4D6F-509A-45F6-AC56-CCAC36A97455}" = protocol=6 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{8E355B30-260B-4E1D-BCB6-6C8BCC33D65D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe |
"{8E3DF9D6-9453-4448-90C5-148DD39F0FF4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90B02FB8-1B9F-41CA-8609-523E26D2A2F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97F1E70A-D1D0-432C-8BFA-59D6D513D299}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{A3930F29-318A-45ED-945D-937088344E71}" = protocol=17 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{A51C4772-2FEA-4CE3-AA44-47F2733EF1D5}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{A6C521FB-8BF3-475C-A100-CA032D7E3A48}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{A902D064-545C-4D0C-BF26-14C644F5096E}" = protocol=1 | dir=in | [email protected],-28543 |
"{AC2422B0-06D1-42E5-8777-6E928473AF11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B381FE10-2D43-4C39-B86E-AD6FDAD65A33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1537068-57D1-4EFC-8E36-306EDFE9E02C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB5FBCED-6134-458E-B81A-6D089C82AE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe |
"{CC30219D-037B-4971-98BC-82EF0A8EA283}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE1F6E3-4E65-40AE-8F33-E00F0457412A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D50212C9-106E-4F7A-ACEE-FFAA6681A08D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9D642DC-F199-47D9-9975-404634250168}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{DAF9E200-A4DD-4DA4-8B89-D7AC9C3C6A26}" = protocol=58 | dir=in | [email protected],-28545 |
"{DB6BAC94-7FE9-4014-8954-3B69914EA42C}" = protocol=6 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe |
"{E20C386D-C005-4C7F-8CEE-EA3CEDF16428}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\slm287x\scnsearch\usdagent.exe |
"{E239CDFD-45E2-446B-A104-BAE8FD15A12A}" = dir=in | app=d:\setup.exe |
"{E5747608-C995-425C-A79A-15858BF6C184}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8C203AD-BDAE-432F-A51F-E2FFE52B5CB0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{E9395C88-3180-438D-A9A9-0C74C276316F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{E9C756CB-3FEB-4E78-A229-E8F7ECB4F76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7BBD826-1465-48EA-ACE3-9880B01EB297}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{F8800080-684E-49E5-875B-E14BCEBA9D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{FDBA547E-8E2E-4BE1-A783-A52E47DAFE93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEB64A3C-9AF6-4A89-9317-524C630234F9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"TCP Query User{BE785E78-885C-4167-A42C-C6EC7CBD8600}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe |
"UDP Query User{B31EBB86-6965-4281-91EF-3884B400FC40}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel® Smart Connect Technology 2.0 x64
"1BB1D7EBACC1BCD1A82C621E1E0BC9B313978951" = Windows Driver Package - Realtek Semiconduct Corp. (RSP2STOR) MTD  (05/27/2013 6.2.9200.29065)
"CA4C707033E6E6839178C28396E96859A3F62C5A" = Windows Driver Package - Intel (ISCT) System  (11/19/2012 1.0.8.0)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010F1EA0-301A-415C-8720-4DF374A810AC}" = GWL Illustrator Config
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04956D2A-B448-4031-89B3-2233199BEDE3}" = Manulife - Level Gold Investment Account - MLLG
"{069B9E08-FF56-45FB-896A-0D7DA894D906}" = Interface
"{0F1D290F-2EF5-4A39-8882-1B28E4B0E421}" = Manulife - Launcher
"{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}" = Manulife - Synergy / Manuvie - Synergie
"{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}" = Manulife - Insure Right / Manuvie - Bien s'assurer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D94A366-64BF-48A1-B86E-BA476C6B616D}" = GWL Illustrator
"{1FB0C2BE-F1C8-4468-A869-BD16A1D11635}" = Interface
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2AE741C4-8076-4FD4-905E-EB2D22389397}" = Interface
"{308FB486-5CAE-4E6E-893D-D63B080148CD}" = Manulife - Term
"{31E7ACDD-E3E1-4F62-BF05-BDB7F06CFBC3}" = Manulife Financial - Health and Dental
"{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
"{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}" = Manulife - Concepts
"{43FC59FF-0EBF-43D6-8E97-CDE47F1CCE4F}" = GWL Illustrator Par
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF2CAE2-CEC4-4D44-8B6A-569397447B8A}" = Manulife - YRT Gold Investment Account - MLYG
"{5D95EE8F-0063-4239-8B12-DF3BD6E5E775}" = Interface Suite - Industrial Alliance
"{64B54493-BC68-4D6F-B9EB-214E74CC0647}" = Concourse 1.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{70867522-4CC7-4BAD-8EBC-048B18807D4D}" = Manulife - Concept slideshows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73CE5546-7C57-4A6C-8E57-FC1DE455677C}" = GWL Illustrator Term Config
"{73FB74CA-65C1-45EA-BA04-610679B88DB8}" = Interface
"{7BB2FA8A-3928-47E1-8134-69788367EA8E}" = GWL Illustrator Par Config
"{7C222DD9-097A-4E53-B8BD-883B68D9537A}" = Cisco AnyConnect Secure Mobility Client
"{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML
"{8584238F-0A65-4C3C-A418-99AA83D6AE29}" = RESPXpress
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{956BE19D-1540-4B0E-B3FA-855BD4AC0DC8}" = FNCInstaller
"{95A6F1EB-281E-4613-A7B6-56515A9972C0}" = Manulife - Universal Life
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1A9956A-56A2-4933-A4F0-CC236790CC29}" = Diamond View Launcher
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator
"{BDE84496-A26C-4575-BD6C-6FD04CA852D2}" = Adobe Acrobat Reader 7.03
"{C45C544E-5047-11D9-8216-00B0D075DF5C}" = Diamond View Launcher
"{CDB131D2-E9C0-40E2-9D9E-4E1ADB1B1820}" = Canada Life Reference Material 14.3
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}" = Manulife - Personal Accident/Personal Accident
"{E6D6B0DB-6D17-4DFC-B5B3-E9DB7861EB7F}" = ZoomExpressKeyView14.3
"{E96C8E3B-C2A8-4DCF-BD5D-AEEBBB55EB7A}" = Interface
"{EC40A6DF-F660-4FD7-ACA5-20D98B032124}" = GWL Illustrator Term
"{F04F0485-8587-4EE6-9693-29F0ABFD26F1}" = Manulife - Living Benefits
"{F094278F-F192-4AA4-A918-9405B8620859}" = CL Sales Strategies 11.3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F153B63A-2894-471E-857E-A64550B03F77}" = Concourse 2.3 - Content
"{F746658F-170C-41F0-AD5B-DFFB74833AF8}" = Manulife - Performax Gold - Performax Or - MLPG
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Afaria Client" = Afaria Client
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Easy Wireless Setup" = Samsung Easy Wireless Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GeniusBox" = GeniusBox 2.0
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Samsung Easy Document Creator" = Samsung Easy Document Creator
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung M267x 287x Series" = Samsung M267x 287x Series
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Scan Process Machine" = Samsung Scan Process Machine
"View User Guide" = View User's Guide
"wincheck" = WinCheck
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20/10/2014 12:16:50 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 12:16:50 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 12:16:51 PM | Computer Name = GSGILL | Source = WinMgmt | ID = 10
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:38 PM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 20/10/2014 6:02:39 PM | Computer Name = GSGILL | Source = WinMgmt | ID = 10
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 21/10/2014 9:30:44 AM | Computer Name = GSGILL | Source = ISCT Agent | ID = 1003
Description =
 
[ Cisco AnyConnect Network Access Manager Events ]
Error - 23/11/2014 6:23:55 PM | Computer Name = GSGILL | Source = NAMUI | ID = 67115867
Description = 0: GSGILL: Nov 23 2014 17:23:55.110 +0500: %NAMUI-3-ERROR_MSG: %[tid=4132]:
 NAM API (AdapterList): Unexpected multiple mediaTypes in one linkStateNotification
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 136: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 138: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 140: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4972]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 142: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=4224]:
 Internal error 11, contact software manufacturer
 
Error - 23/11/2014 7:51:46 PM | Computer Name = GSGILL | Source = NAM | ID = 67115867
Description = 150: GSGILL: Nov 23 2014 18:51:46.393 +0500: %NAM-3-ERROR_MSG: %[tid=5112]:
 Internal error 11, contact software manufacturer
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1749 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1384 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 19/01/2015 8:43:58 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
Error - 19/01/2015 8:44:31 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1586 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391704
 (0xFE210028) Description: CERTIFICATE_ERROR_VERIFY_SERVERCERT_FAILED_ASKUSER:Server
 certificate verification failed, and the error was an askuser error server name:
 206.47.156.165
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::postConnectProcessing File: .\IPC\SocketTransport.cpp
Line:
 1867 Invoked Function: ::WSAConnect Return Code: 10061 (0x0000274D) Description: No
 connection could be made because the target machine actively refused it.  
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1355 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31588340 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 304 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1749 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588340
 (0xFE1E000C) Description: SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1384 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 19/01/2015 8:44:32 PM | Computer Name = GSGILL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
[ Cisco AnyConnect Web Security Module Events ]
Error - 23/11/2014 7:52:47 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006804B0 | Connection : Failed to connect externally.
 Code : 10060
 
Error - 23/11/2014 7:53:03 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006AF468 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:03 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006804B0 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:04 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00682360 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:07 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00682390 | Connection : GetHashSHA256 error 299
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Failed to connect to 72.163.1.80:80.
 Code : 10060
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Caught exception. Code : 10060
 
 
Error - 23/11/2014 7:53:11 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 006823C0 | Connection : Failed to connect externally.
 Code : 10060
 
Error - 23/11/2014 7:53:40 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00631E18 | License : One or more of the License/Public
 Key can't be NULL
 
Error - 23/11/2014 7:53:40 PM | Computer Name = GSGILL | Source = acwebsecagent | ID = 67174656
Description = ERR | Thread 00631E18 | SSLExt : Failed to get ScanSafe headers
 
[ System Events ]
Error - 19/01/2015 8:24:55 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:24:56 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:34:49 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 19/01/2015 8:35:32 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 19/01/2015 8:37:33 PM | Computer Name = GSGILL | Source = Service Control Manager | ID = 7000
Description = The globalUpdate Update Service (globalUpdate) service failed to start
 due to the following error:   %%2
 
 
< End of report >



#6 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

Thank you. Please read the following and we'll get you cleaned up.

Hi. My name is Brian, and I would be happy to look into your issue.

- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step, I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse, select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally, Before We Start -

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
 
 
 
 
Let's get started. Can I first see the Malwarebytes log before providing a fix?

Step #1 - Retrieve Malwarebytes Log
 
1. Open up the Malwarebytes program again. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Put a check mark next to Scan Log as shown in the picture below.
5. Click the view button as shown in the picture below.
GetLog.JPG



#7 infected24 (Topic Starter, Member, 13 posts)

Hello,

Thank you very much for your response. As requested, here is a copy of the 2 Scan Log files from the Malwarebytes Anti-Malware:

1st SCAN LOG:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19/01/2015
Scan Time: 7:14:41 PM
Logfile: scan log 1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.19.16
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 53074
Time Elapsed: 5 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 5
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe, 2020, Delete-on-Reboot, [45071adf47426ec8480fd726a16058a8]
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe, 1268, Delete-on-Reboot, [3f0da257ea9faa8ccb8cc538aa579d63]
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, 2284, Delete-on-Reboot, [b29a9960b1d8f24425c0e0cf49b89b65]
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-6.exe, 3248, Delete-on-Reboot, [4dff08f1236685b171ed438dd431e020]
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-bg.exe, 4228, Delete-on-Reboot, [7fcd8475c5c40333f668448c63a29868]

Modules: 0
(No malicious items detected)

Registry Keys: 37
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Cyti Web, Quarantined, [45071adf47426ec8480fd726a16058a8],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Cyti Web, Quarantined, [3f0da257ea9faa8ccb8cc538aa579d63],
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [b29a9960b1d8f24425c0e0cf49b89b65],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644904461}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655905561}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666906661}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655905561}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666906661}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644904461}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.BHO.1, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.BHO, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.BHO, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.BHO.1, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622902261}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.Sandbox.1, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.Sandbox, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.Sandbox, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.Sandbox.1, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622902261}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611901161}\INPROCSERVER32, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c18b5e9b15747db9e06dfa2d11f242be],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c18b5e9b15747db9e06dfa2d11f242be],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{aa2fac44-d24d-4fed-9e32-397d138365f1}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4B030CAE-5396-4E8D-B29F-0BC3213AB606}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A30B13F5-3743-428A-A1FA-6F001D36CC4A}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A30B13F5-3743-428A-A1FA-6F001D36CC4A}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4B030CAE-5396-4E8D-B29F-0BC3213AB606}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [f65653a62861b87e8f6032bbc53d1ee2],

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll),Replaced,[a2aa30c910797cbaa540654aaa577a86]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll),Replaced,[c9831edb2a5f6dc9984da30c3bc6946c]

Folders: 0
(No malicious items detected)

Files: 29
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe, Delete-on-Reboot, [45071adf47426ec8480fd726a16058a8],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe, Delete-on-Reboot, [3f0da257ea9faa8ccb8cc538aa579d63],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Delete-on-Reboot, [b29a9960b1d8f24425c0e0cf49b89b65],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Delete-on-Reboot, [aca0e91005840a2c17ce248b05fc44bc],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-6.exe, Delete-on-Reboot, [4dff08f1236685b171ed438dd431e020],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Delete-on-Reboot, [0745956434553bfbac391699f30e25db],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-bg.exe, Delete-on-Reboot, [7fcd8475c5c40333f668448c63a29868],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, Delete-on-Reboot, [a2aa30c910797cbaa540654aaa577a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, Delete-on-Reboot, [c9831edb2a5f6dc9984da30c3bc6946c],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-bho64.dll, Delete-on-Reboot, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-bho.dll, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\CytiWebbho.dll, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CrossRider.A, C:\Users\owner\AppData\Roaming\LHHBL.exe, Quarantined, [400c58a1cbbe3df9c39b349c0500b14f],
PUP.Optional.CrossRider.A, C:\Users\owner\AppData\Roaming\WZMOWX.exe, Quarantined, [91bbe21795f48bab2539bc146f96c33d],
PUP.Optional.Nova.A, C:\Program Files (x86)\819a0e1c-3061-4a00-b044-57e630e24ac8\617e305a-a7e3-422e-9421-7b2dea222166.dll, Quarantined, [ef5d9168d1b84fe7a99e28db36cc5ca4],
PUP.Optional.Nova.A, C:\Program Files (x86)\Adobe\bbe6fb49-7649-4fd9-a3e2-88ca666bb02e.dll, Quarantined, [6be142b72069b1852e196c9733cf42be],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-64.exe, Quarantined, [084448b1a8e1171f104ebc141ce94db3],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-10.exe, Quarantined, [dc70f1086e1bb97d9bc3953be91c29d7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-2.exe, Quarantined, [57f57287424794a2e07e69671fe616ea],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-3.exe, Quarantined, [4b018277a7e2c76ffa64953b6e9704fc],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-4.exe, Quarantined, [c389ee0b8dfc8bab68f6854bba4bd729],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-5.exe, Quarantined, [0844c138aadf03337ae47759fe07ab55],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-7.exe, Quarantined, [fc502ecbd2b7ed49085630a0cf3659a7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-codedownloader.exe, Quarantined, [2c2006f34a3ff5411b43d3fd56afab55],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\utils.exe, Quarantined, [82cafffa7a0fca6c055d0b41e21e17e9],
PUP.Optional.ClientConnect, C:\$Recycle.Bin\S-1-5-21-119208243-2725590792-2346737686-1000\$RZADOVP.exe, Quarantined, [78d45c9ddfaa02348647cef47f8229d7],
Trojan.Dropper.NS, C:\$Recycle.Bin\S-1-5-21-119208243-2725590792-2346737686-1000\$RE2ZP88.exe, Quarantined, [aaa219e01970dd592ba010fefb0732ce],
Trojan.Downloader.Upatre, C:\Users\owner\AppData\Local\Temp\cohhost.exe, Quarantined, [0c4031c8fe8bf14551671e7344bd1de3],
PUP.Optional.SearchProtect.A, C:\Users\owner\AppData\Local\Temp\SPINT-G.exe, Quarantined, [1d2fce2bb5d49a9c70430d977f82738d],

Physical Sectors: 0
(No malicious items detected)

(end)

2nd SCAN LOG:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19/01/2015
Scan Time: 7:14:41 PM
Logfile: scan log 2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.19.16
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 53074
Time Elapsed: 5 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 5
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe, 2020, Delete-on-Reboot, [45071adf47426ec8480fd726a16058a8]
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe, 1268, Delete-on-Reboot, [3f0da257ea9faa8ccb8cc538aa579d63]
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, 2284, Delete-on-Reboot, [b29a9960b1d8f24425c0e0cf49b89b65]
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-6.exe, 3248, Delete-on-Reboot, [4dff08f1236685b171ed438dd431e020]
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-bg.exe, 4228, Delete-on-Reboot, [7fcd8475c5c40333f668448c63a29868]

Modules: 0
(No malicious items detected)

Registry Keys: 37
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Cyti Web, Quarantined, [45071adf47426ec8480fd726a16058a8],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Cyti Web, Quarantined, [3f0da257ea9faa8ccb8cc538aa579d63],
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [b29a9960b1d8f24425c0e0cf49b89b65],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644904461}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655905561}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666906661}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655905561}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666906661}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644904461}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.BHO.1, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.BHO, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.BHO, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.BHO.1, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611901161}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622902261}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.Sandbox.1, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.Sandbox, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.Sandbox, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\4ce52bb2ec374d3c8814e9633e4ff8bc0069061.Sandbox.1, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622902261}, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611901161}\INPROCSERVER32, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c18b5e9b15747db9e06dfa2d11f242be],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c18b5e9b15747db9e06dfa2d11f242be],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{aa2fac44-d24d-4fed-9e32-397d138365f1}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4B030CAE-5396-4E8D-B29F-0BC3213AB606}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A30B13F5-3743-428A-A1FA-6F001D36CC4A}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A30B13F5-3743-428A-A1FA-6F001D36CC4A}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4B030CAE-5396-4E8D-B29F-0BC3213AB606}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-119208243-2725590792-2346737686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [f65653a62861b87e8f6032bbc53d1ee2],

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll),Replaced,[a2aa30c910797cbaa540654aaa577a86]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll),Replaced,[c9831edb2a5f6dc9984da30c3bc6946c]

Folders: 0
(No malicious items detected)

Files: 29
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe, Delete-on-Reboot, [45071adf47426ec8480fd726a16058a8],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe, Delete-on-Reboot, [3f0da257ea9faa8ccb8cc538aa579d63],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Delete-on-Reboot, [b29a9960b1d8f24425c0e0cf49b89b65],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Delete-on-Reboot, [aca0e91005840a2c17ce248b05fc44bc],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-6.exe, Delete-on-Reboot, [4dff08f1236685b171ed438dd431e020],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Delete-on-Reboot, [0745956434553bfbac391699f30e25db],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-bg.exe, Delete-on-Reboot, [7fcd8475c5c40333f668448c63a29868],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, Delete-on-Reboot, [a2aa30c910797cbaa540654aaa577a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, Delete-on-Reboot, [c9831edb2a5f6dc9984da30c3bc6946c],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-bho64.dll, Delete-on-Reboot, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-bho.dll, Quarantined, [fb518574a1e8d660015d626e8f761ce4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\CytiWebbho.dll, Quarantined, [5af29564fd8ce6506a656c7d11f1b749],
PUP.Optional.CrossRider.A, C:\Users\owner\AppData\Roaming\LHHBL.exe, Quarantined, [400c58a1cbbe3df9c39b349c0500b14f],
PUP.Optional.CrossRider.A, C:\Users\owner\AppData\Roaming\WZMOWX.exe, Quarantined, [91bbe21795f48bab2539bc146f96c33d],
PUP.Optional.Nova.A, C:\Program Files (x86)\819a0e1c-3061-4a00-b044-57e630e24ac8\617e305a-a7e3-422e-9421-7b2dea222166.dll, Quarantined, [ef5d9168d1b84fe7a99e28db36cc5ca4],
PUP.Optional.Nova.A, C:\Program Files (x86)\Adobe\bbe6fb49-7649-4fd9-a3e2-88ca666bb02e.dll, Quarantined, [6be142b72069b1852e196c9733cf42be],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-64.exe, Quarantined, [084448b1a8e1171f104ebc141ce94db3],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-10.exe, Quarantined, [dc70f1086e1bb97d9bc3953be91c29d7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-2.exe, Quarantined, [57f57287424794a2e07e69671fe616ea],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-3.exe, Quarantined, [4b018277a7e2c76ffa64953b6e9704fc],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-4.exe, Quarantined, [c389ee0b8dfc8bab68f6854bba4bd729],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-5.exe, Quarantined, [0844c138aadf03337ae47759fe07ab55],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\da1eb969-1232-4912-9efc-cbb21be64a86-7.exe, Quarantined, [fc502ecbd2b7ed49085630a0cf3659a7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\HQCinema Pro 2.1V19.01-codedownloader.exe, Quarantined, [2c2006f34a3ff5411b43d3fd56afab55],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQCinema Pro 2.1V19.01\utils.exe, Quarantined, [82cafffa7a0fca6c055d0b41e21e17e9],
PUP.Optional.ClientConnect, C:\$Recycle.Bin\S-1-5-21-119208243-2725590792-2346737686-1000\$RZADOVP.exe, Quarantined, [78d45c9ddfaa02348647cef47f8229d7],
Trojan.Dropper.NS, C:\$Recycle.Bin\S-1-5-21-119208243-2725590792-2346737686-1000\$RE2ZP88.exe, Quarantined, [aaa219e01970dd592ba010fefb0732ce],
Trojan.Downloader.Upatre, C:\Users\owner\AppData\Local\Temp\cohhost.exe, Quarantined, [0c4031c8fe8bf14551671e7344bd1de3],
PUP.Optional.SearchProtect.A, C:\Users\owner\AppData\Local\Temp\SPINT-G.exe, Quarantined, [1d2fce2bb5d49a9c70430d977f82738d],

Physical Sectors: 0
(No malicious items detected)

(end)

Thank you again for all of your help in advance!


  • 0

#8
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Thanks. Please do the following.

Step#1 - Warnings

Low on Disk Space
Your C:\ drive is very low on space. It has about 2.79% free disk space. This can adversely affect the performance of your computer. It's recommended to have at least 15% free disk space so that tools such as the automated defragger can keep your drive optimized. I would recommend that you move any personal files, like pictures, music, video and any really large data files, to removable media such as a thumb drive or a CD/DVD before we begin. If you want to run the fixes anyway you can do so, but just be aware that you may end up having to clear the disk space in order to get them to run completely.

Step#2 - Uninstalls

Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled, and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them, I suggest that you wait until you are declared clean before reinstalling.

McAfee Security Scan Plus
Java 7 Update 25
GeniusBox 2.0
WinCheck

Step#3 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.

:Commands
[CreateRestorePoint]

:OTL
PRC - [2015/01/15 15:06:21 | 001,845,472 | ---- | M] () -- C:\Users\owner\AppData\Local\GeniusBox\Client.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49172;https=127.0.0.1:49172;
FF - prefs.js..extensions.enabledAddons: c6d10446ffd84587ac59c8230189%40815dffea895e418f9d9fd8cf.com:0.95.29
FF - prefs.js..extensions.enabledAddons: %7B921265c3-88e5-40e1-8d74-df5314572900%7D:1.0.1
[2015/01/19 12:26:36 | 000,007,339 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\ka5qcham.default\extensions\{921265c3-88e5-40e1-8d74-df5314572900}.xpi
File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KA5QCHAM.DEFAULT\EXTENSIONS\[email protected]
O4 - HKLM..\Run: [WinCheck] C:\Users\owner\AppData\Local\wincheck\wincheck.exe File not found
[2015/01/19 14:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\819a0e1c-3061-4a00-b044-57e630e24ac8
[2015/01/19 14:28:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\globalUpdate
[2015/01/19 14:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2015/01/19 19:35:44 | 000,001,338 | ---- | M] () -- C:\Windows\tasks\WZMOWX.job
[2015/01/19 19:35:44 | 000,001,336 | ---- | M] () -- C:\Windows\tasks\LHHBL.job
[2015/01/19 14:31:47 | 000,000,064 | ---- | M] () -- C:\Users\owner\AppData\Local\76ae5db4606a5d3af500eff5effa28a5
[2014/09/01 03:18:44 | 000,002,086 | ---- | C] () -- C:\Users\owner\AppData\Roaming\LHHBL
[2014/09/01 03:18:44 | 000,001,248 | ---- | C] () -- C:\Users\owner\AppData\Roaming\WZMOWX
[2014/08/09 18:07:54 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\{CB6E24F7-5FED-40B8-95B3-3A9380602899}

:Files
C:\Users\owner\AppData\Local\GeniusBox
C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KA5QCHAM.DEFAULT\EXTENSIONS\[email protected]
C:\Users\owner\AppData\Local\wincheck
C:\Users\owner\AppData\Local\Pro_PC_Cleaner
c:\users\owner\appdata\local\temp\cyofbo

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{BE785E78-885C-4167-A42C-C6EC7CBD8600}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe"=-
"UDP Query User{B31EBB86-6965-4281-91EF-3884B400FC40}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe"=-

:Commands
[EmptyTemp]

3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/paste the contents of the log that opens and post it in your next reply. If for some reason the log file does not appear, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step#4 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

Step#5 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version, so please ensure you download that one.
2. Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press the Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt, also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.

Items for your next post

1. OTL Fix Log
2. AdwCleaner Log
3. FRST and Addition logs

  • 0
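As an added, defender-side example that is not part of this thread and is not code from OTL, AdwCleaner or Malwarebytes: a read-only PowerShell audit of the same locations the OTL fix above targets, namely the loopback proxy under HKCU Internet Settings (the fix cleared 127.0.0.1:49172), AppInit_DLLs (the Malwarebytes log shows SearchProtect's VC32Loader/VC64Loader there), Run entries whose target file is missing (the WinCheck entry), legacy .job tasks in C:\Windows\Tasks (LHHBL.job and WZMOWX.job) and firewall rules that allow an executable under a Temp folder (the "Query User" rules for yrvuor.exe). It changes nothing; running it in an elevated PowerShell after the fix shows whether those entries are actually gone. It assumes the standard Windows 7 x64 registry layout seen in the logs; the variable names and messages are my own.

```powershell
# Added example (not the thread's or any tool's code): read-only audit of the
# persistence and hijack locations touched by the OTL fix above.
# Run from an elevated PowerShell prompt; nothing is modified or deleted.

$findings = @()

# 1. User proxy hijack: ProxyEnable=1 with a loopback ProxyServer means a local
#    process is sitting between the browser and the network.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer -match '127\.0\.0\.1|localhost') {
    $findings += "Loopback proxy enabled: $($inet.ProxyServer)"
}

# 2. AppInit_DLLs: any non-empty value is loaded into every process that links
#    user32.dll, so a legitimate system normally has this empty.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $v = (Get-ItemProperty $k -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($v) { $findings += "AppInit_DLLs set in ${k}: $v" }
}

# 3. Run entries pointing at a file that no longer exists: harmless on their own,
#    but they show an autostart whose payload was removed out from under it.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        # Strip surrounding quotes and trailing arguments to isolate the executable path.
        $exe = ([string]$p.Value -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
        # Only judge rooted paths; rundll32/%VAR% style values would give false positives.
        if ($exe -match '^[A-Za-z]:\\' -and -not (Test-Path $exe)) {
            $findings += "Run entry '$($p.Name)' points to a missing file: $exe"
        }
    }
}

# 4. Legacy .job tasks in C:\Windows\Tasks. Modern software registers tasks via the
#    Task Scheduler 2.0 store, so leftover .job files deserve a look.
Get-ChildItem 'C:\Windows\Tasks' -Filter *.job -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Legacy scheduled task present: $($_.Name)" }

# 5. Firewall rules whose App= path lives under a Temp folder, as the
#    'Query User' rules for yrvuor.exe did.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$rules = Get-ItemProperty $fwKey -ErrorAction SilentlyContinue
if ($rules) {
    foreach ($r in $rules.PSObject.Properties | Where-Object { [string]$_.Value -match 'App=[^|]*\\Temp\\' }) {
        $findings += "Firewall rule allows a Temp-folder executable: $($r.Name)"
    }
}

if ($findings.Count -eq 0) { 'No findings: all audited locations are clean.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Each check reports and never remediates, so it is safe to run before and after a fix and compare the two outputs; a finding that survives the fix is something to raise with the helper rather than delete by hand.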

#9
infected24

    Member

  • Topic Starter
  • 13 posts

Hello,

So I freed up some space on the drive, uninstalled the four programs, and performed the scans using the 3 tools. Here are the logs:

OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named Client.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: c6d10446ffd84587ac59c8230189%40815dffea895e418f9d9fd8cf.com:0.95.29 removed from extensions.enabledAddons
Prefs.js: %7B921265c3-88e5-40e1-8d74-df5314572900%7D:1.0.1 removed from extensions.enabledAddons
C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\ka5qcham.default\extensions\{921265c3-88e5-40e1-8d74-df5314572900}.xpi moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinCheck not found.
C:\Program Files (x86)\819a0e1c-3061-4a00-b044-57e630e24ac8 folder moved successfully.
C:\Users\owner\AppData\Local\globalUpdate\CrashReports folder moved successfully.
C:\Users\owner\AppData\Local\globalUpdate folder moved successfully.
C:\Program Files (x86)\globalUpdate\CrashReports folder moved successfully.
C:\Program Files (x86)\globalUpdate folder moved successfully.
C:\Windows\Tasks\WZMOWX.job moved successfully.
C:\Windows\Tasks\LHHBL.job moved successfully.
C:\Users\owner\AppData\Local\76ae5db4606a5d3af500eff5effa28a5 moved successfully.
C:\Users\owner\AppData\Roaming\LHHBL moved successfully.
C:\Users\owner\AppData\Roaming\WZMOWX moved successfully.
C:\Users\owner\AppData\Local\{CB6E24F7-5FED-40B8-95B3-3A9380602899} moved successfully.
========== FILES ==========
File\Folder C:\Users\owner\AppData\Local\GeniusBox not found.
File\Folder C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KA5QCHAM.DEFAULT\EXTENSIONS\[email protected] not found.
File\Folder C:\Users\owner\AppData\Local\wincheck not found.
C:\Users\owner\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_twd2ze3eaqaiwzlxig5riiby3fd4fyue\2.5.5.0 folder moved successfully.
C:\Users\owner\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_twd2ze3eaqaiwzlxig5riiby3fd4fyue folder moved successfully.
C:\Users\owner\AppData\Local\Pro_PC_Cleaner folder moved successfully.
c:\users\owner\appdata\local\temp\Cyofbo folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BE785E78-885C-4167-A42C-C6EC7CBD8600}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B31EBB86-6965-4281-91EF-3884B400FC40}C:\users\owner\appdata\local\temp\cyofbo\yrvuor.exe deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: owner
->Temp folder emptied: 1575375078 bytes
->Temporary Internet Files folder emptied: 261562443 bytes
->Java cache emptied: 423694 bytes
->FireFox cache emptied: 19333035 bytes
->Google Chrome cache emptied: 21565158 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 294336 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 343497182 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 28290571 bytes
RecycleBin emptied: 109975401 bytes
 
Total Files Cleaned = 2,251.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01202015_180426
Files\Folders moved on Reboot...
C:\Users\owner\AppData\Local\Temp\TeamViewer\tv_x64.dll moved successfully.
C:\Users\owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\owner\AppData\Local\Temp\~DF0CBA1A1D03085E21.TMP not found!
File\Folder C:\Users\owner\AppData\Local\Temp\~DF2F94BA4A0143BD72.TMP not found!
File\Folder C:\Users\owner\AppData\Local\Temp\~DF93E67BDF8290F331.TMP not found!
File\Folder C:\Users\owner\AppData\Local\Temp\~DFA30B3F04313EE4DF.TMP not found!
File\Folder C:\Users\owner\AppData\Local\Temp\~DFD9D76956B0EED541.TMP not found!
File\Folder C:\Users\owner\AppData\Local\Temp\~DFED537D1B29E1D34D.TMP not found!
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S5I3RQ2F\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S5I3RQ2F\nQhiC-wSiJx0pvEuJl8d8A[1].eot moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBUN21C3\sf_postLocalStorage[1].htm moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q11B8TFQ\RjgO7rYTmqiVp7vzi-Q5UfY6323mHUZFJMgTvxaG2iE[3].eot moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q11B8TFQ\userData[1].htm moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\970CTUFV\register_server_layer[1].htm moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0KTD1FZU\server_layer[1].htm moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
C:\Windows\temp\wbxtra_01202015_174935.wbt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

AdwCleaner:

# AdwCleaner v4.108 - Report created 20/01/2015 at 18:17:10
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - GSGILL
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\user.js
File Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7601.18667

-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Google Chrome v39.0.2171.99
[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323886&octid=EB_ORIGINAL_CTID&ISID=M156D227A-B6F3-4869-A2E3-D78FFB3E96BD&SearchSource=58&CUI=&UM=8&UP=SPFF0B8D81-4902-4EE9-A46D-5736EF79CC0F&q={searchTerms}&SSPV=
[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323886&octid=EB_ORIGINAL_CTID&ISID=M156D227A-B6F3-4869-A2E3-D78FFB3E96BD&SearchSource=58&CUI=&UM=8&UP=SPFF0B8D81-4902-4EE9-A46D-5736EF79CC0F&q={searchTerms}&SSPV=
*************************
AdwCleaner[R0].txt - [6435 octets] - [20/01/2015 18:14:10]
AdwCleaner[S0].txt - [6343 octets] - [20/01/2015 18:17:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6403 octets] ##########

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by owner (administrator) on GSGILL on 20-01-2015 18:22:48
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available profiles: owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Sybase, Inc.) C:\Program Files (x86)\AClient\Bin\XeService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sybase, Inc.) C:\Program Files (x86)\AClient\Bin\XcListener.exe
(Sybase, Inc.) C:\Program Files (x86)\AClient\Bin\XCDiffCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(TeamViewer GmbH) C:\Users\owner\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2015-01-20-18-19-03.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(TeamViewer GmbH) C:\Users\owner\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Users\owner\AppData\Local\Temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Users\owner\AppData\Local\Temp\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Users\owner\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-03-26] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [DiamondView] => "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
HKU\S-1-5-20\...\Run: [DiamondView] => "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
HKU\S-1-5-21-119208243-2725590792-2346737686-1000\...\Run: [DiamondView] => C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe [956408 2014-06-19] (Manulife Financial)
HKU\S-1-5-18\...\Run: [DiamondView] => "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-119208243-2725590792-2346737686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rbc.com/canada.html
HKU\S-1-5-21-119208243-2725590792-2346737686-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-119208243-2725590792-2346737686-1000 -> DefaultScope {88FF29BE-E3B7-4A2F-8B67-5B62E78E057D} URL = http://www.google.co...earchTerms}=
SearchScopes: HKU\S-1-5-21-119208243-2725590792-2346737686-1000 -> {88FF29BE-E3B7-4A2F-8B67-5B62E78E057D} URL = http://www.google.co...earchTerms}=
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://appliedsyste...rt/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\extensions\{921265c3-88e5-40e1-8d74-df5314572900}.xpi [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323886&octid=EB_ORIGINAL_CTID&ISID=M156D227A-B6F3-4869-A2E3-D78FFB3E96BD&SearchSource=55&CUI=&UM=8&UP=SPFF0B8D81-4902-4EE9-A46D-5736EF79CC0F&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323886&octid=EB_ORIGINAL_CTID&ISID=M156D227A-B6F3-4869-A2E3-D78FFB3E96BD&SearchSource=55&CUI=&UM=8&UP=SPFF0B8D81-4902-4EE9-A46D-5736EF79CC0F&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.co...79CC0F&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.secci...ix={searchTerms}
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Cyti Web) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekmcmfmgcfmahepmlihdogclgaepcpn [2015-01-19]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Afaria Client Service; C:\Program Files (x86)\AClient\Bin\XeService.exe [239104 2009-11-02] (Sybase, Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [503344 2013-01-14] (Samsung Electronics Co., Ltd.)
R2 TeamViewer; c:\users\owner\appdata\local\temp\teamviewer\TeamViewer_Service.exe [4428048 2014-12-15] (TeamViewer GmbH)
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [278800 2010-07-23] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [288840 2013-05-27] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-20] ()
S3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 18:22 - 2015-01-20 18:23 - 00015563 _____ () C:\Users\owner\Desktop\FRST.txt
2015-01-20 18:22 - 2015-01-20 18:22 - 02126848 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2015-01-20 18:22 - 2015-01-20 18:22 - 00000000 ____D () C:\FRST
2015-01-20 18:18 - 2015-01-20 18:18 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-01-20 18:13 - 2015-01-20 18:17 - 00000000 ____D () C:\AdwCleaner
2015-01-20 18:12 - 2015-01-20 18:12 - 02186752 _____ () C:\Users\owner\Desktop\AdwCleaner.exe
2015-01-20 18:04 - 2015-01-20 18:04 - 00000000 ____D () C:\_OTL
2015-01-20 17:55 - 2015-01-20 17:55 - 00000000 ____D () C:\Users\owner\AppData\Roaming\TeamViewer
2015-01-19 19:45 - 2015-01-20 17:54 - 00000000 ____D () C:\Users\owner\Downloads\virusremoval
2015-01-19 19:24 - 2015-01-19 19:24 - 00000000 ____D () C:\Windows\pss
2015-01-19 19:13 - 2015-01-20 18:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 19:12 - 2015-01-19 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 19:12 - 2015-01-19 19:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 19:12 - 2015-01-19 19:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 19:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 19:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-19 19:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 19:11 - 2015-01-19 19:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 18:48 - 2015-01-20 11:47 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-19 14:32 - 2015-01-19 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
2015-01-19 14:30 - 2015-01-19 15:02 - 00000000 ____D () C:\Users\owner\Documents\ProPCCleaner
2015-01-19 14:29 - 2015-01-19 14:29 - 00004360 _____ () C:\Windows\System32\Tasks\WZMOWX
2015-01-19 14:29 - 2015-01-19 14:29 - 00004358 _____ () C:\Windows\System32\Tasks\LHHBL
2015-01-16 03:00 - 2015-01-16 03:00 - 00000000 ____D () C:\3b2defc90b763c7a8ee52339
2015-01-15 08:07 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 08:07 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 08:07 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 08:07 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 08:07 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 08:07 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 08:07 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 08:07 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 08:07 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 08:07 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 09:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:20 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-03 21:37 - 2015-01-03 21:37 - 04895229 _____ () C:\Users\owner\Documents\GCFBCKUP [email protected]@@
2014-12-24 04:10 - 2014-12-24 04:10 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 18:21 - 2013-08-01 14:01 - 01563516 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 18:18 - 2014-06-07 21:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 18:18 - 2013-08-07 13:56 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-20 18:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 18:18 - 2009-07-13 23:51 - 00111930 _____ () C:\Windows\setupact.log
2015-01-20 18:17 - 2010-11-20 22:47 - 00643370 _____ () C:\Windows\PFRO.log
2015-01-20 18:15 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 18:15 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 18:14 - 2009-07-14 00:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 18:02 - 2014-06-07 21:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 16:07 - 2013-08-07 18:43 - 00000121 _____ () C:\Users\Public\LMDebug.log
2015-01-20 11:33 - 2013-08-07 12:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 20:55 - 2013-09-03 09:53 - 00000000 ____D () C:\Users\owner\Desktop\Sunny
2015-01-19 19:20 - 2013-08-07 12:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-19 19:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2015-01-19 19:14 - 2013-08-08 07:53 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2015-01-19 19:08 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-19 15:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-19 12:05 - 2014-12-01 14:22 - 00002044 ____H () C:\Users\owner\Documents\Default.rdp
2015-01-19 11:45 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-15 10:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-15 08:03 - 2009-07-14 00:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 00:33 - 2013-08-07 12:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 00:33 - 2013-08-07 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 00:33 - 2013-08-07 12:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 21:25 - 2014-12-07 20:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:22 - 2014-12-07 20:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-04 18:39 - 2013-08-07 21:16 - 00000030 _____ () C:\Windows\MaritimeLife.ini
2015-01-04 18:38 - 2013-08-07 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manulife Financial
2015-01-04 18:37 - 2013-10-10 14:42 - 00002077 _____ () C:\Users\Public\Desktop\Manulife Diamond View.lnk
2015-01-04 18:37 - 2013-08-07 19:31 - 00000029 _____ () C:\Windows\MLI.INI
2015-01-04 13:00 - 2014-01-28 20:04 - 00000000 _____ () C:\Users\owner\Documents\Printer PDF
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 22:14 - 2013-10-24 19:21 - 00000000 ____D () C:\Users\owner\Desktop\Rates
2014-12-29 22:14 - 2013-08-08 09:23 - 00000000 ____D () C:\CQWIN
2014-12-28 15:44 - 2014-12-15 16:38 - 16634822 _____ () C:\ProgramData\RESPXpressUpdate26.zip
2014-12-28 15:44 - 2013-09-08 20:40 - 00010446 _____ () C:\Windows\SysWOW64\WebUpdateSvc4.log
2014-12-28 15:44 - 2013-09-08 20:40 - 00000031 _____ () C:\Windows\WebUpdateSvc4.INI
==================== Files in the root of some directories =======
2013-08-07 13:18 - 2013-08-07 13:18 - 0012583 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.141841.wdl
2013-08-07 13:19 - 2013-08-07 13:20 - 0013062 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.141956.wdl
2013-08-07 13:40 - 2013-08-07 13:41 - 0020877 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.144057.txt
2013-08-07 13:58 - 2013-08-07 13:58 - 0015787 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.145843.wdl
2013-08-07 13:59 - 2013-08-07 13:59 - 0010791 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.145918.txt
2014-11-13 11:17 - 2014-11-13 11:17 - 0002491 _____ () C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag
2013-09-17 10:43 - 2013-09-17 10:43 - 20274484 _____ () C:\ProgramData\RESPXpressUpdate14.zip
2014-07-21 22:47 - 2014-07-21 22:47 - 4120870 _____ () C:\ProgramData\RESPXpressUpdate20.zip
2014-12-15 16:38 - 2014-12-28 15:44 - 16634822 _____ () C:\ProgramData\RESPXpressUpdate26.zip
Files to move or delete:
====================
C:\Users\owner\SetupNI.dll

Some content of TEMP:
====================
C:\Users\owner\AppData\Local\Temp\Quarantine.exe
C:\Users\owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 19:13
==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by owner at 2015-01-20 18:23:17
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader 7.03 (HKLM-x32\...\{BDE84496-A26C-4575-BD6C-6FD04CA852D2}) (Version: 1.00.0000 - MultiCompany)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Afaria Client (HKLM-x32\...\Afaria Client) (Version:  - )
Canada Life Reference Material 14.3 (HKLM-x32\...\{CDB131D2-E9C0-40E2-9D9E-4E1ADB1B1820}) (Version: 14.3 - Canada Life)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-119208243-2725590792-2346737686-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CL Sales Strategies 11.3 (HKLM-x32\...\{F094278F-F192-4AA4-A918-9405B8620859}) (Version: 11.3 - Canada Life )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Concourse 1.0 (HKLM-x32\...\{64B54493-BC68-4D6F-B9EB-214E74CC0647}) (Version: 1.0 - London Life)
Concourse 2.3 - Content (HKLM-x32\...\{F153B63A-2894-471E-857E-A64550B03F77}) (Version: 2.3 - London Life)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
Diamond View Launcher (HKLM-x32\...\{A1A9956A-56A2-4933-A4F0-CC236790CC29}) (Version: 4.13.0.1 - Manulife Financial)
Diamond View Launcher (HKLM-x32\...\{C45C544E-5047-11D9-8216-00B0D075DF5C}) (Version: 3.36.0.5 - Manulife Financial)
Diamond View Update (HKLM-x32\...\{32D3C724-3E32-11D9-8211-00B0D075DF5C}) (Version: 7.4.0.1 - Manulife Financial)
FNCInstaller (x32 Version: 12.01.0000 - Flexera Software, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GWL Illustrator (HKLM-x32\...\{1D94A366-64BF-48A1-B86E-BA476C6B616D}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Config (HKLM-x32\...\{010F1EA0-301A-415C-8720-4DF374A810AC}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Par (HKLM-x32\...\{43FC59FF-0EBF-43D6-8E97-CDE47F1CCE4F}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Par Config (HKLM-x32\...\{7BB2FA8A-3928-47E1-8134-69788367EA8E}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Term (HKLM-x32\...\{EC40A6DF-F660-4FD7-ACA5-20D98B032124}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Term Config (HKLM-x32\...\{73CE5546-7C57-4A6C-8E57-FC1DE455677C}) (Version: 2.3.0.0 - Novinsoft Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Interface (x32 Version: 7.3.0 - Industrial Alliance) Hidden
Interface Suite - Industrial Alliance (HKLM-x32\...\{5D95EE8F-0063-4239-8B12-DF3BD6E5E775}) (Version: 7.4.0 - Industrial Alliance)
K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Manulife - Concept slideshows (HKLM-x32\...\{70867522-4CC7-4BAD-8EBC-048B18807D4D}) (Version: 15.0.0.0 - Novinsoft Inc.)
Manulife - Concepts (HKLM-x32\...\{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}) (Version: 12.3.0.1 - Novinsoft Inc.)
Manulife - Insure Right / Manuvie - Bien s'assurer (HKLM-x32\...\{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}) (Version: 11.5.0.0 - Novinsoft Inc.)
Manulife - Launcher (HKLM-x32\...\{0F1D290F-2EF5-4A39-8882-1B28E4B0E421}) (Version: 15.0.0.2 - Novinsoft Inc.)
Manulife - Level Gold Investment Account - MLLG (HKLM-x32\...\{04956D2A-B448-4031-89B3-2233199BEDE3}) (Version: 15.2.0.7 - Novinsoft Inc.)
Manulife - Living Benefits (HKLM-x32\...\{F04F0485-8587-4EE6-9693-29F0ABFD26F1}) (Version: 15.1.0.0 - Novinsoft Inc.)
Manulife - Performax Gold - Performax Or - MLPG (HKLM-x32\...\{F746658F-170C-41F0-AD5B-DFFB74833AF8}) (Version: 15.2.0.2 - Novinsoft Inc.)
Manulife - Personal Accident/Personal Accident (HKLM-x32\...\{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}) (Version: 14.10.0.1 - Novinsoft Inc.)
Manulife - Synergy / Manuvie - Synergie (HKLM-x32\...\{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}) (Version: 14.15.0.3 -  Novinsoft Inc.)
Manulife - Term (HKLM-x32\...\{308FB486-5CAE-4E6E-893D-D63B080148CD}) (Version: 15.2.0.1 - Novinsoft Inc.)
Manulife - Universal Life (HKLM-x32\...\{95A6F1EB-281E-4613-A7B6-56515A9972C0}) (Version: 15.2.0.2 - Novinsoft Inc.)
Manulife - YRT Gold Investment Account - MLYG (HKLM-x32\...\{4BF2CAE2-CEC4-4D44-8B6A-569397447B8A}) (Version: 15.2.0.7 - Novinsoft Inc.)
Manulife Financial - Health and Dental (HKLM-x32\...\{31E7ACDD-E3E1-4F62-BF05-BDB7F06CFBC3}) (Version: 3.33.0.0 - Manulife Financial)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML (HKLM-x32\...\{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}) (Version: 4.20.9818 - London Life Insurance Company)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG)
RESPXpress (HKLM-x32\...\{8584238F-0A65-4C3C-A418-99AA83D6AE29}) (Version: 5.0.2 - Heritage Education Funds Inc)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.04.63 (28/02/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.99.00(04/02/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung M267x 287x Series (HKLM-x32\...\Samsung M267x 287x Series) (Version: 1.12 (08/03/2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.09.11 (14/01/2013) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.00.49.00 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.5.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.02.0 - )
Windows Driver Package - Intel (ISCT) System  (11/19/2012 1.0.8.0) (HKLM\...\CA4C707033E6E6839178C28396E96859A3F62C5A) (Version: 11/19/2012 1.0.8.0 - Intel)
Windows Driver Package - Realtek Semiconduct Corp. (RSP2STOR) MTD  (05/27/2013 6.2.9200.29065) (HKLM\...\1BB1D7EBACC1BCD1A82C621E1E0BC9B313978951) (Version: 05/27/2013 6.2.9200.29065 - Realtek Semiconduct Corp.)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
ZoomExpressKeyView14.3 (HKLM-x32\...\{E6D6B0DB-6D17-4DFC-B5B3-E9DB7861EB7F}) (Version: 14.3.05 - ...)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================
20-01-2015 17:59:02 Removed Java 7 Update 25
20-01-2015 18:04:37 OTL Restore Point - 20/01/2015 6:04:37 PM
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00C2502F-C85A-410B-A678-3A8926B9CACF} - \da1eb969-1232-4912-9efc-cbb21be64a86-5 No Task File <==== ATTENTION
Task: {16F30BA7-7041-4679-A2D4-638935445461} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {185D3625-2105-4A88-B8D4-DF797B671D4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)
Task: {201F327B-6461-4F30-90CD-705105719AB5} - System32\Tasks\WZMOWX => C:\Users\owner\AppData\Roaming\WZMOWX.exe <==== ATTENTION
Task: {414D4EB1-F335-4434-8294-2C289617E339} - \da1eb969-1232-4912-9efc-cbb21be64a86-3 No Task File <==== ATTENTION
Task: {6E60D7BE-F0C4-46BF-B4EC-CBF2F4D9AB4C} - \da1eb969-1232-4912-9efc-cbb21be64a86-2 No Task File <==== ATTENTION
Task: {94C4C5F3-D714-46D4-9656-019B245930FC} - \da1eb969-1232-4912-9efc-cbb21be64a86-4 No Task File <==== ATTENTION
Task: {A1F0A8EE-554B-4FEF-ACC6-4B08F4ED285E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A3DBE1B2-6213-4A02-BD5D-7D4D9771DB01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {B9785BC3-16CD-4CC0-BC34-E35186F751B4} - \da1eb969-1232-4912-9efc-cbb21be64a86-1 No Task File <==== ATTENTION
Task: {BF6EEE63-1240-4FEC-87DC-4052953A586A} - \da1eb969-1232-4912-9efc-cbb21be64a86-10_user No Task File <==== ATTENTION
Task: {CA0DC3C1-2380-481A-BC51-68FCCE984E89} - \da1eb969-1232-4912-9efc-cbb21be64a86-6 No Task File <==== ATTENTION
Task: {CA343D3F-7731-47AE-A871-CC280EDEF437} - System32\Tasks\LHHBL => C:\Users\owner\AppData\Roaming\LHHBL.exe <==== ATTENTION
Task: {CEAC31B7-19EE-4EC8-B372-17A6193CA9B1} - \da1eb969-1232-4912-9efc-cbb21be64a86-5_user No Task File <==== ATTENTION
Task: {D57E298D-70AF-403E-AA79-1856D36068CD} - \da1eb969-1232-4912-9efc-cbb21be64a86-7 No Task File <==== ATTENTION
Task: {D998D867-27FA-458E-AA9D-2816CC895D79} - System32\Tasks\{C2A82D9A-6DB8-4A47-B568-E9722D87E19E} => pcalua.exe -a D:\setup.exe -d D:\
Task: {E9765CCE-6FC5-4FD1-AC1E-4C27164FAF29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-06-26 10:42 - 2013-06-26 10:42 - 00034304 _____ () C:\Windows\System32\ssa6mlm.dll
2012-02-09 15:26 - 2012-02-09 15:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 15:26 - 2012-02-09 15:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 15:26 - 2012-02-09 15:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2013-08-07 12:23 - 2012-01-09 18:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-01 14:08 - 2012-02-27 23:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-11-19 10:36 - 2014-11-19 10:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-08-01 14:10 - 2013-03-12 00:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-119208243-2725590792-2346737686-500 - Administrator - Disabled)
Guest (S-1-5-21-119208243-2725590792-2346737686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-119208243-2725590792-2346737686-1002 - Limited - Enabled)
owner (S-1-5-21-119208243-2725590792-2346737686-1000 - Administrator - Enabled) => C:\Users\owner
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2015 06:18:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 06:18:02 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
Error: (01/20/2015 06:18:02 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource    Failed to set max wake duration, error=0.
Error: (01/20/2015 06:18:02 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration   *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/20/2015 06:08:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 06:08:23 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
Error: (01/20/2015 06:08:23 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource    Failed to set max wake duration, error=0.
Error: (01/20/2015 06:08:23 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration   *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2
Error: (01/20/2015 06:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Desktop.exe, version: 10.0.36897.0, time stamp: 0x548ed427
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x1180
Faulting application start time: 0xTeamViewer_Desktop.exe0
Faulting application path: TeamViewer_Desktop.exe1
Faulting module path: TeamViewer_Desktop.exe2
Report Id: TeamViewer_Desktop.exe3
Error: (01/20/2015 05:49:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/20/2015 06:18:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Web Update Wizard Service V4 service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ISCT Always Updated Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Samsung Network Fax Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (01/20/2015 06:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 59%
Total physical RAM: 3998.36 MB
Available physical RAM: 1619.96 MB
Total Pagefile: 7994.89 MB
Available Pagefile: 5499.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:4.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: FFA717BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
 
 

Thanks again for your help.



#10 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

You did the steps perfectly. Good job. Still more to clean up. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#2 - JRT
Note: Please disable your Antivirus Software before doing Bullet#1. Info on how to do this is here.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

Step#4 - Malwarebytes Scan

  • I know you already ran this a couple times but I want to change an option and run again if you don't mind. Please open the program.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

Step#5 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix log

2. Junkware Log

3. Rootkit Scan Log

4. Malwarebytes Log
5. Fresh FRST and Addition logs

 


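The scheduled-task lines in the log above show the three patterns the fixlist goes after: tasks registered in TaskCache with no task file on disk (the GUID-named da1eb969-... entries), tasks whose action lives in the user's profile (WZMOWX.exe and LHHBL.exe under AppData\Roaming), and an action routed through a proxy launcher (pcalua.exe). The script below is an added example, not code from this thread and not part of FRST; it parses FRST-style "Task:" lines and flags those patterns so the same triage can be repeated on any FRST log. The user-writable directory list and the proxy-launcher list are assumptions to extend per environment, and the sample lines are copied from the log posted above.

```python
"""Triage of FRST "Scheduled Tasks" lines for persistence indicators.

Added example: not code from the thread and not part of FRST. It parses
the "Task:" lines FRST prints and flags the patterns the fixlist in this
thread removed by hand: tasks registered in TaskCache with no task file on
disk, actions run out of a user-writable profile directory, actions routed
through a proxy launcher such as pcalua.exe, and registered tasks for
which FRST printed no publisher.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes FRST emits (date and publisher appear only on some lines):
#   Task: {GUID} - <name> => <action> [YYYY-MM-DD] (Publisher) <==== ATTENTION
#   Task: {GUID} - <name> No Task File <==== ATTENTION
#   Task: C:\Windows\Tasks\<name>.job => <action>
TASK_RE = re.compile(
    r"^Task:\s+(?P<head>.+?)"
    r"(?:\s+=>\s+(?P<action>.+?))?"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^()]*)\))?"
    r"(?:\s+<====\s+ATTENTION)?\s*$"
)
GUID_RE = re.compile(r"^\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+(?P<name>.+)$")
EXE_RE = re.compile(r'[^\\\s"]+\.exe\b', re.IGNORECASE)

# Locations an unprivileged user can write to (assumed list; extend per host).
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)
# Windows binaries routinely used to start a second file indirectly (assumed list).
PROXY_LAUNCHERS = {"pcalua.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                   "powershell.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class TaskEntry:
    guid: Optional[str]
    name: str
    action: Optional[str]
    date: Optional[str]
    publisher: Optional[str]
    no_task_file: bool
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Return a TaskEntry for an FRST 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    head, guid = m.group("head"), None
    g = GUID_RE.match(head)
    name = g.group("name") if g else head
    if g:
        guid = g.group("guid")
    no_file = name.endswith(" No Task File")
    if no_file:
        name = name[: -len(" No Task File")]
    return TaskEntry(guid, name, m.group("action"), m.group("date"),
                     m.group("publisher"), no_file)


def triage(entry: TaskEntry) -> TaskEntry:
    """Attach a reason for every indicator the entry matches."""
    if entry.no_task_file:
        entry.reasons.append("registered in TaskCache but no task file on disk")
    if entry.action:
        # The first executable named in the action is what the scheduler starts.
        exe = EXE_RE.search(entry.action)
        if exe and exe.group(0).lower() in PROXY_LAUNCHERS:
            entry.reasons.append(f"action goes through proxy launcher {exe.group(0)}")
        if USER_WRITABLE_RE.search(entry.action):
            entry.reasons.append("action runs from a user-writable directory")
        if entry.guid and entry.publisher is None:
            entry.reasons.append("FRST printed no publisher for the action")
    return entry


def triage_lines(lines) -> List[TaskEntry]:
    """Parse every 'Task:' line and keep only entries with at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_task_line(line)
        if entry and triage(entry).reasons:
            flagged.append(entry)
    return flagged


# Lines copied from the log posted in this thread.
SAMPLE_LOG = [
    r"Task: {00C2502F-C85A-410B-A678-3A8926B9CACF} - \da1eb969-1232-4912-9efc-cbb21be64a86-5 No Task File <==== ATTENTION",
    r"Task: {16F30BA7-7041-4679-A2D4-638935445461} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe",
    r"Task: {185D3625-2105-4A88-B8D4-DF797B671D4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)",
    r"Task: {201F327B-6461-4F30-90CD-705105719AB5} - System32\Tasks\WZMOWX => C:\Users\owner\AppData\Roaming\WZMOWX.exe <==== ATTENTION",
    r"Task: {CA343D3F-7731-47AE-A871-CC280EDEF437} - System32\Tasks\LHHBL => C:\Users\owner\AppData\Roaming\LHHBL.exe <==== ATTENTION",
    # The original line ends in a backslash, which a raw string cannot.
    r"Task: {D998D867-27FA-458E-AA9D-2816CC895D79} - System32\Tasks\{C2A82D9A-6DB8-4A47-B568-E9722D87E19E} => pcalua.exe -a D:\setup.exe -d D:" + "\\",
    r"Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
]

if __name__ == "__main__":
    for e in triage_lines(SAMPLE_LOG):
        print(f"{e.name}\n    action: {e.action}\n    " + "\n    ".join(e.reasons))
```

Run against the seven sample lines it flags five entries and leaves the two Google Update tasks alone: GoogleUpdateTaskMachineUA carries a date and publisher and runs from Program Files, and the .job line has no TaskCache GUID, so the missing-publisher check does not apply to it. The publisher check is deliberately the weakest signal; it only records that FRST printed nothing, which is a prompt to verify the file's signature, not a verdict.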
#11 infected24 (Topic Starter, Member, 13 posts)

Hello - thank you again for your quick and detailed response.  I really appreciate all of your help.  Here are the logs you have requested:

 

 

1. FRST Fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by owner at 2015-01-20 21:21:31 Run:1
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available profiles: owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\extensions\{921265c3-88e5-40e1-8d74-df5314572900}.xpi [Not Found]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323886&octid=EB_ORIGINAL_CTID&ISID=M156D227A-B6F3-4869-A2E3-D78FFB3E96BD&SearchSource=55&CUI=&UM=8&UP=SPFF0B8D81-4902-4EE9-A46D-5736EF79CC0F&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323886&octid=EB_ORIGINAL_CTID&ISID=M156D227A-B6F3-4869-A2E3-D78FFB3E96BD&SearchSource=55&CUI=&UM=8&UP=SPFF0B8D81-4902-4EE9-A46D-5736EF79CC0F&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.co...79CC0F&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.secci...ix={searchTerms}
CHR Extension: (Cyti Web) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekmcmfmgcfmahepmlihdogclgaepcpn [2015-01-19]
2015-01-19 14:32 - 2015-01-19 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
2015-01-19 14:30 - 2015-01-19 15:02 - 00000000 ____D () C:\Users\owner\Documents\ProPCCleaner
2015-01-19 14:29 - 2015-01-19 14:29 - 00004360 _____ () C:\Windows\System32\Tasks\WZMOWX
2015-01-19 14:29 - 2015-01-19 14:29 - 00004358 _____ () C:\Windows\System32\Tasks\LHHBL
2013-09-17 10:43 - 2013-09-17 10:43 - 20274484 _____ () C:\ProgramData\RESPXpressUpdate14.zip
2014-07-21 22:47 - 2014-07-21 22:47 - 4120870 _____ () C:\ProgramData\RESPXpressUpdate20.zip
2014-12-15 16:38 - 2014-12-28 15:44 - 16634822 _____ () C:\ProgramData\RESPXpressUpdate26.zip
C:\Users\owner\SetupNI.dll
Task: {00C2502F-C85A-410B-A678-3A8926B9CACF} - \da1eb969-1232-4912-9efc-cbb21be64a86-5 No Task File <==== ATTENTION
Task: {201F327B-6461-4F30-90CD-705105719AB5} - System32\Tasks\WZMOWX => C:\Users\owner\AppData\Roaming\WZMOWX.exe <==== ATTENTION
Task: {414D4EB1-F335-4434-8294-2C289617E339} - \da1eb969-1232-4912-9efc-cbb21be64a86-3 No Task File <==== ATTENTION
Task: {6E60D7BE-F0C4-46BF-B4EC-CBF2F4D9AB4C} - \da1eb969-1232-4912-9efc-cbb21be64a86-2 No Task File <==== ATTENTION
Task: {94C4C5F3-D714-46D4-9656-019B245930FC} - \da1eb969-1232-4912-9efc-cbb21be64a86-4 No Task File <==== ATTENTION
C:\Users\owner\AppData\Roaming\WZMOWX.exe
Task: {B9785BC3-16CD-4CC0-BC34-E35186F751B4} - \da1eb969-1232-4912-9efc-cbb21be64a86-1 No Task File <==== ATTENTION
Task: {BF6EEE63-1240-4FEC-87DC-4052953A586A} - \da1eb969-1232-4912-9efc-cbb21be64a86-10_user No Task File <==== ATTENTION
Task: {CA0DC3C1-2380-481A-BC51-68FCCE984E89} - \da1eb969-1232-4912-9efc-cbb21be64a86-6 No Task File <==== ATTENTION
Task: {CA343D3F-7731-47AE-A871-CC280EDEF437} - System32\Tasks\LHHBL => C:\Users\owner\AppData\Roaming\LHHBL.exe <==== ATTENTION
Task: {CEAC31B7-19EE-4EC8-B372-17A6193CA9B1} - \da1eb969-1232-4912-9efc-cbb21be64a86-5_user No Task File <==== ATTENTION
Task: {D57E298D-70AF-403E-AA79-1856D36068CD} - \da1eb969-1232-4912-9efc-cbb21be64a86-7 No Task File <==== ATTENTION
C:\Users\owner\AppData\Roaming\LHHBL.exe
cmd: bitsadmin /allusers /reset
EmptyTemp:

*****************

Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\extensions\[email protected] not found.
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\extensions\{921265c3-88e5-40e1-8d74-df5314572900}.xpi not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultNewTabURL: Default -> https://www.trovi.co...79CC0F&SAT=CNTS => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekmcmfmgcfmahepmlihdogclgaepcpn => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream => Moved successfully.
C:\Users\owner\Documents\ProPCCleaner => Moved successfully.
C:\Windows\System32\Tasks\WZMOWX => Moved successfully.
C:\Windows\System32\Tasks\LHHBL => Moved successfully.
C:\ProgramData\RESPXpressUpdate14.zip => Moved successfully.
C:\ProgramData\RESPXpressUpdate20.zip => Moved successfully.
C:\ProgramData\RESPXpressUpdate26.zip => Moved successfully.
C:\Users\owner\SetupNI.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00C2502F-C85A-410B-A678-3A8926B9CACF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00C2502F-C85A-410B-A678-3A8926B9CACF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{201F327B-6461-4F30-90CD-705105719AB5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{201F327B-6461-4F30-90CD-705105719AB5}" => Key deleted successfully.
C:\Windows\System32\Tasks\WZMOWX not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WZMOWX" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{414D4EB1-F335-4434-8294-2C289617E339}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{414D4EB1-F335-4434-8294-2C289617E339}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E60D7BE-F0C4-46BF-B4EC-CBF2F4D9AB4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E60D7BE-F0C4-46BF-B4EC-CBF2F4D9AB4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94C4C5F3-D714-46D4-9656-019B245930FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94C4C5F3-D714-46D4-9656-019B245930FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-4" => Key deleted successfully.
"C:\Users\owner\AppData\Roaming\WZMOWX.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9785BC3-16CD-4CC0-BC34-E35186F751B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9785BC3-16CD-4CC0-BC34-E35186F751B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF6EEE63-1240-4FEC-87DC-4052953A586A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF6EEE63-1240-4FEC-87DC-4052953A586A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-10_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA0DC3C1-2380-481A-BC51-68FCCE984E89}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA0DC3C1-2380-481A-BC51-68FCCE984E89}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA343D3F-7731-47AE-A871-CC280EDEF437}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA343D3F-7731-47AE-A871-CC280EDEF437}" => Key deleted successfully.
C:\Windows\System32\Tasks\LHHBL not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LHHBL" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEAC31B7-19EE-4EC8-B372-17A6193CA9B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEAC31B7-19EE-4EC8-B372-17A6193CA9B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D57E298D-70AF-403E-AA79-1856D36068CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57E298D-70AF-403E-AA79-1856D36068CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da1eb969-1232-4912-9efc-cbb21be64a86-7" => Key deleted successfully.
"C:\Users\owner\AppData\Roaming\LHHBL.exe" => File/Directory not found.

=========  bitsadmin /allusers /reset =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Invalid command
USAGE: BITSADMIN [/RAWRETURN] [/WRAP | /NOWRAP] command
The following commands are available:

/HELP           Prints this help
/?              Prints this help
/UTIL /?        Prints the list of utilities commands
/PEERCACHING /?   Prints the list of commands to manage Peercaching
/CACHE /?       Prints the list of cache management commands
/PEERS /?       Prints the list of peer management commands

/LIST    [/ALLUSERS] [/VERBOSE]     List the jobs
/MONITOR [/ALLUSERS] [/REFRESH sec] Monitors the copy manager
/RESET   [/ALLUSERS]                Deletes all jobs in the manager

/TRANSFER <job name> [type] [/PRIORITY priority] [/ACLFLAGS flags]
          remote_url local_name
    Transfers one of more files.
    [type] may be /DOWNLOAD or /UPLOAD; default is download
    Multiple URL/file pairs may be specified.
    Unlike most commands, <job name> may only be a name and not a GUID.

/CREATE [type] <job name>               Creates a job
    [type] may be /DOWNLOAD, /UPLOAD, or /UPLOAD-REPLY; default is download
    Unlike most commands, <job name> may only be a name and not a GUID.

/INFO <job> [/VERBOSE]                   Displays information about the job
/ADDFILE <job> <remote_url> <local_name> Adds a file to the job
/ADDFILESET <job> <textfile>             Adds multiple files to the job
   Each line of <textfile> lists a file's remote name and local name, separated
   by spaces.  A line beginning with '#' is treated as a comment.
   Once the file set is read into memory, the contents are added to the job.

/ADDFILEWITHRANGES  <job> <remote_url> <local_name range_list>
   Like /ADDFILE, but BITS will read only selected byte ranges of the URL.
   range_list is a comma-delimited series of offset and length pairs.
   For example,

       0:100,2000:100,5000:eof

   instructs BITS to read 100 bytes starting at offset zero, 100 bytes starting
   at offset 2000, and the remainder of the URL starting at offset 5000.

/REPLACEREMOTEPREFIX <job> <old_prefix> <new_prefix>
    All files whose URL begins with <old_prefix> are changed to use <new_prefix>

Note that BITS currently supports HTTP/HTTPS downloads and uploads.
It also supports UNC paths and file:// paths as URLS

/LISTFILES <job>                     Lists the files in the job
/SUSPEND <job>                       Suspends the job
/RESUME <job>                        Resumes the job
/CANCEL <job>                        Cancels the job
/COMPLETE <job>                      Completes the job

/GETTYPE <job>                       Retrieves the job type
/GETACLFLAGS <job>                   Retrieves the ACL propagation flags

/SETACLFLAGS <job> <ACL_flags>       Sets the ACL propagation flags for the job
  O - OWNER       G - GROUP
  D - DACL        S - SACL 

  Examples:
      bitsadmin /setaclflags MyJob OGDS
      bitsadmin /setaclflags MyJob OGD

/GETBYTESTOTAL <job>                 Retrieves the size of the job
/GETBYTESTRANSFERRED <job>           Retrieves the number of bytes transferred
/GETFILESTOTAL <job>                 Retrieves the number of files in the job
/GETFILESTRANSFERRED <job>           Retrieves the number of files transferred
/GETCREATIONTIME <job>               Retrieves the job creation time
/GETMODIFICATIONTIME <job>           Retrieves the job modification time
/GETCOMPLETIONTIME <job>             Retrieves the job completion time
/GETSTATE <job>                      Retrieves the job state
/GETERROR <job>                      Retrieves detailed error information
/GETOWNER <job>                      Retrieves the job owner
/GETDISPLAYNAME <job>                Retrieves the job display name
/SETDISPLAYNAME <job> <display_name> Sets the job display name
/GETDESCRIPTION <job>                Retrieves the job description
/SETDESCRIPTION <job> <description>  Sets the job description
/GETPRIORITY    <job>                Retrieves the job priority
/SETPRIORITY    <job> <priority>     Sets the job priority
   Priority usage choices:
      FOREGROUND
      HIGH
      NORMAL
      LOW
/GETNOTIFYFLAGS <job>                 Retrieves the notify flags
/SETNOTIFYFLAGS <job> <notify_flags>  Sets the notify flags
    For more help on this option, please refer to the MSDN help page for SetNotifyFlags/GETNOTIFYINTERFACE <job>             Determines if notify interface is registered
/GETMINRETRYDELAY <job>               Retrieves the retry delay in seconds
/SETMINRETRYDELAY <job> <retry_delay> Sets the retry delay in seconds
/GETNOPROGRESSTIMEOUT <job>           Retrieves the no progress timeout in seconds
/SETNOPROGRESSTIMEOUT <job> <timeout> Sets the no progress timeout in seconds
/GETMAXDOWNLOADTIME <job>             Retrieves the download timeout in seconds
/SETMAXDOWNLOADTIME <job> <timeout>   Sets the download timeout in seconds
/GETERRORCOUNT <job>                  Retrieves an error count for the job

/SETPROXYSETTINGS <job> <usage>      Sets the proxy usage
   usage choices:
    PRECONFIG   - Use the owner's default Internet settings.
    AUTODETECT  - Force autodetection of proxy.
    NO_PROXY    - Do not use a proxy server.
    OVERRIDE    - Use an explicit proxy list and bypass list.
                  Must be followed by a proxy list and a proxy bypass list.
                  NULL or "" may be used for an empty proxy bypass list.
  Examples:
      bitsadmin /setproxysettings MyJob PRECONFIG
      bitsadmin /setproxysettings MyJob AUTODETECT
      bitsadmin /setproxysettings MyJob NO_PROXY
      bitsadmin /setproxysettings MyJob OVERRIDE proxy1:80 "<local>"
      bitsadmin /setproxysettings MyJob OVERRIDE proxy1,proxy2,proxy3 NULL

/GETPROXYUSAGE <job>                 Retrieves the proxy usage setting
/GETPROXYLIST <job>                  Retrieves the proxy list
/GETPROXYBYPASSLIST <job>            Retrieves the proxy bypass list

/TAKEOWNERSHIP <job>                 Take ownership of the job

/SETNOTIFYCMDLINE <job> <program_name> [program_parameters]
    Sets a program to execute for notification, and optionally parameters.
    The program name and parameters can be NULL.
    IMPORTANT: if parameters are non-NULL, then the program name should be the
               first parameter.

  Examples:
    bitsadmin /SetNotifyCmdLine MyJob c:\winnt\system32\notepad.exe  NULL
    bitsadmin /SetNotifyCmdLine MyJob c:\foo.exe "c:\foo.exe parm1 parm2"
    bitsadmin /SetNotifyCmdLine MyJob NULL NULL

/GETNOTIFYCMDLINE <job>              Returns the job's notification command line

/SETCREDENTIALS <job> <target> <scheme> <username> <password>
  Adds credentials to a job.
  <target> may be either SERVER or PROXY
  <scheme> may be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT.

/REMOVECREDENTIALS <job> <target> <scheme>
  Removes credentials from a job.
/GETCUSTOMHEADERS <job>                           Gets the Custom HTTP Headers
/SETCUSTOMHEADERS <job> <header1> <header2> <...> Sets the Custom HTTP Headers
/GETCLIENTCERTIFICATE <job>                       Gets the job's Client Certificate Information
/SETCLIENTCERTIFICATEBYID <job> <store_location> <store_name> <hexa-decimal_cert_id>
  Sets a client authentication certificate to a job.
  <store_location> may be
 1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
 4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
 7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE).

/SETCLIENTCERTIFICATEBYNAME <job> <store_location> <store_name> <subject_name>
  Sets a client authentication certificate to a job.
  <store_location> may be
 1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
 4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
 7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE).

/REMOVECLIENTCERTIFICATE <job>                Removes the Client Certificate Information from the job

/SETSECURITYFLAGS <job> <value>  
   Sets the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.
   The value is an unsigned integer with the following interpretation for the bits in the binary representation.
     Enable CRL Check                                 : Set the least significant bit
     Ignore invalid common name in server certificate : Set the 2nd bit from right
     Ignore invalid date in  server certificate       : Set the 3rd bit from right
     Ignore invalid certificate authority in server
       certificate                                    : Set the 4th bit from right
     Ignore invalid usage of certificate              : Set the 5th bit from right
     Redirection policy                               : Controlled by the 9th-11th bits from right
         0,0,0  - Redirects will be automatically allowed.
         0,0,1  - Remote name in the IBackgroundCopyFile interface will be updated if a redirect occurs.
         0,1,0  - BITS will fail the job if a redirect occurs.

     Allow redirection from HTTPS to HTTP             : Set the 12th bit from right

/GETSECURITYFLAGS <job>  
   Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.

/SETVALIDATIONSTATE  <job>  <file-index> <true|false>
      <file-index> starts from 0         
    Sets the content-validation state of the given file within the job.

/GETVALIDATIONSTATE  <job>  <file-index> 
      <file-index> starts from 0         
    Reports the content-validation state of the given file within the job.

/GETTEMPORARYNAME  <job>  <file-index> 
      <file-index> starts from 0         
    Reports the temporary filename of the given file within the job.

The following options control peercaching of a particular job:

/SETPEERCACHINGFLAGS  <job> <value>  
    Sets the flags for the job's peercaching behavior.
    The value is an unsigned integer with the following interpretation for the bits in the binary representation.
        Allow the job's data to be downloaded from a peer : Set the least significant bit
        Allow the job's data to be served to peers        : Set the 2nd bit from right

/GETPEERCACHINGFLAGS  <job>              
    Reports the flags for the job's peercaching behavior.

The following options are valid for UPLOAD-REPLY jobs only:

/GETREPLYFILENAME <job>        Gets the path of the file containing the server reply
/SETREPLYFILENAME <job> <path> Sets the path of the file containing the server reply
/GETREPLYPROGRESS <job>        Gets the size and progress of the server reply
/GETREPLYDATA     <job>        Dumps the server's reply data in hex format

The following options can be placed before the command:
/RAWRETURN                     Return data more suitable for parsing
/WRAP                          Wrap output around console (default)
/NOWRAP                        Don't wrap output around console

The /RAWRETURN option strips new line characters and formatting.
It is recognized by the /CREATE and /GET* commands.

Commands that take a <job> parameter will accept either a job name or a job ID
GUID inside braces.  BITSADMIN reports an error if a name is ambiguous.

========= End of CMD: =========

EmptyTemp: => Removed 79.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 21:22:07 ====

2. Junkware Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by owner on 20/01/2015 at 21:30:34.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\ka5qcham.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/01/2015 at 21:34:38.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Rootkit Scan Log

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-20 21:52:50
-----------------------------
21:52:50.086    OS Version: Windows x64 6.1.7601 Service Pack 1
21:52:50.086    Number of processors: 4 586 0x3A09
21:52:50.086    ComputerName: GSGILL  UserName: owner
21:52:50.242    Initialize success
21:52:50.289    VM: initialized successfully
21:52:50.289    VM: Intel CPU BiosDisabled
21:54:21.447    AVAST engine defs: 15012001
21:54:28.108    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:54:28.108    Disk 0 Vendor: SAMSUNG_MZMPC128HBFU-000H1 CXM12H1Q Size: 122104MB BusType: 11
21:54:28.124    Disk 0 MBR read successfully
21:54:28.139    Disk 0 MBR scan
21:54:28.202    Disk 0 Windows 7 default MBR code
21:54:28.202    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:54:28.217    Disk 0 default boot code
21:54:28.249    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
21:54:28.342    Disk 0 scanning C:\Windows\system32\drivers
21:54:34.442    Service scanning
21:54:49.231    Modules scanning
21:54:49.246    Disk 0 trace - called modules:
21:54:49.246    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:54:49.246    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004827060]
21:54:49.262    3 CLASSPNP.SYS[fffff880018ec43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004326060]
21:54:49.433    AVAST engine scan C:\Windows
21:54:51.087    AVAST engine scan C:\Windows\system32
21:56:40.599    AVAST engine scan C:\Windows\system32\drivers
21:56:47.666    AVAST engine scan C:\Users\owner
22:00:04.460    AVAST engine scan C:\ProgramData
22:01:33.724    Disk 0 statistics 3656425/0/0 @ 14.58 MB/s
22:01:33.724    Scan finished successfully
22:02:19.837    Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
22:02:19.869    The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

4. Malwarebytes Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/01/2015
Scan Time: 10:04:25 PM
Logfile: Step 4 Log file.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.21.03
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339789
Time Elapsed: 7 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

5. Fresh FRST and Addition logs

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by owner (administrator) on GSGILL on 20-01-2015 22:43:46
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available profiles: owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Sybase, Inc.) C:\Program Files (x86)\AClient\Bin\XeService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sybase, Inc.) C:\Program Files (x86)\AClient\Bin\XcListener.exe
(Sybase, Inc.) C:\Program Files (x86)\AClient\Bin\XCDiffCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(TeamViewer GmbH) C:\Users\owner\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-03-26] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [DiamondView] => "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
HKU\S-1-5-20\...\Run: [DiamondView] => "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
HKU\S-1-5-21-119208243-2725590792-2346737686-1000\...\Run: [DiamondView] => C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe [956408 2014-06-19] (Manulife Financial)
HKU\S-1-5-18\...\Run: [DiamondView] => "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-119208243-2725590792-2346737686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rbc.com/canada.html
HKU\S-1-5-21-119208243-2725590792-2346737686-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-119208243-2725590792-2346737686-1000 -> DefaultScope {88FF29BE-E3B7-4A2F-8B67-5B62E78E057D} URL = http://www.google.co...earchTerms}=
SearchScopes: HKU\S-1-5-21-119208243-2725590792-2346737686-1000 -> {88FF29BE-E3B7-4A2F-8B67-5B62E78E057D} URL = http://www.google.co...earchTerms}=
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://appliedsyste...rt/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ka5qcham.default\extensions\{921265c3-88e5-40e1-8d74-df5314572900}.xpi [Not Found]

Chrome:
=======
CHR DefaultSearchURL: Default -> http://www.trovi.com...archTerms}=
CHR DefaultNewTabURL: Default -> https://www.trovi.co...79CC0F&SAT=CNTS
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Afaria Client Service; C:\Program Files (x86)\AClient\Bin\XeService.exe [239104 2009-11-02] (Sybase, Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [503344 2013-01-14] (Samsung Electronics Co., Ltd.)
R2 TeamViewer; c:\users\owner\appdata\local\temp\teamviewer\TeamViewer_Service.exe [4428048 2014-12-15] (TeamViewer GmbH)
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [278800 2010-07-23] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [288840 2013-05-27] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-20] ()
S3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
U3 aswMBR; \??\C:\Users\owner\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\owner\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 22:02 - 2015-01-20 22:02 - 00002042 _____ () C:\Users\owner\Desktop\aswMBR.txt
2015-01-20 22:02 - 2015-01-20 22:02 - 00000512 _____ () C:\Users\owner\Desktop\MBR.dat
2015-01-20 21:52 - 2015-01-20 21:52 - 05198336 _____ (AVAST Software) C:\Users\owner\Desktop\aswMBR.exe
2015-01-20 21:34 - 2015-01-20 21:34 - 00000756 _____ () C:\Users\owner\Desktop\JRT.txt
2015-01-20 21:30 - 2015-01-20 21:30 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:29 - 2015-01-20 21:29 - 01707939 _____ (Thisisu) C:\Users\owner\Desktop\JRT.exe
2015-01-20 18:23 - 2015-01-20 18:23 - 00023342 _____ () C:\Users\owner\Desktop\Addition.txt
2015-01-20 18:22 - 2015-01-20 22:43 - 00014536 _____ () C:\Users\owner\Desktop\FRST.txt
2015-01-20 18:22 - 2015-01-20 22:43 - 00000000 ____D () C:\FRST
2015-01-20 18:22 - 2015-01-20 18:22 - 02126848 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2015-01-20 18:18 - 2015-01-20 21:46 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-01-20 18:13 - 2015-01-20 18:17 - 00000000 ____D () C:\AdwCleaner
2015-01-20 18:12 - 2015-01-20 18:12 - 02186752 _____ () C:\Users\owner\Desktop\AdwCleaner.exe
2015-01-20 18:04 - 2015-01-20 18:04 - 00000000 ____D () C:\_OTL
2015-01-20 17:55 - 2015-01-20 17:55 - 00000000 ____D () C:\Users\owner\AppData\Roaming\TeamViewer
2015-01-19 19:45 - 2015-01-20 21:42 - 00000000 ____D () C:\Users\owner\Downloads\virusremoval
2015-01-19 19:24 - 2015-01-19 19:24 - 00000000 ____D () C:\Windows\pss
2015-01-19 19:13 - 2015-01-20 22:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 19:12 - 2015-01-19 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 19:12 - 2015-01-19 19:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 19:12 - 2015-01-19 19:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 19:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 19:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-19 19:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 19:11 - 2015-01-19 19:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 18:48 - 2015-01-20 21:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-16 03:00 - 2015-01-16 03:00 - 00000000 ____D () C:\3b2defc90b763c7a8ee52339
2015-01-15 08:07 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 08:07 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 08:07 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 08:07 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 08:07 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 08:07 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 08:07 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 08:07 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 08:07 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 08:07 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 09:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:20 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-03 21:37 - 2015-01-03 21:37 - 04895229 _____ () C:\Users\owner\Documents\GCFBCKUP [email protected]@@
2014-12-24 04:10 - 2014-12-24 04:10 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 22:33 - 2013-08-07 12:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 22:32 - 2013-08-01 14:01 - 01654568 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 22:02 - 2014-06-07 21:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 21:53 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:53 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:51 - 2009-07-14 00:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 21:46 - 2014-06-07 21:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 21:46 - 2013-08-07 13:56 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-20 21:46 - 2010-11-20 22:47 - 00645042 _____ () C:\Windows\PFRO.log
2015-01-20 21:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 21:46 - 2009-07-13 23:51 - 00112210 _____ () C:\Windows\setupact.log
2015-01-20 21:21 - 2013-08-07 12:08 - 00000000 ____D () C:\Users\owner
2015-01-20 21:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-20 19:27 - 2013-08-07 18:43 - 00000121 _____ () C:\Users\Public\LMDebug.log
2015-01-19 20:55 - 2013-09-03 09:53 - 00000000 ____D () C:\Users\owner\Desktop\Sunny
2015-01-19 19:20 - 2013-08-07 12:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-19 19:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2015-01-19 19:14 - 2013-08-08 07:53 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2015-01-19 19:08 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-19 12:05 - 2014-12-01 14:22 - 00002044 ____H () C:\Users\owner\Documents\Default.rdp
2015-01-19 11:45 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-15 10:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-15 08:03 - 2009-07-14 00:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 00:33 - 2013-08-07 12:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 00:33 - 2013-08-07 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 00:33 - 2013-08-07 12:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 21:25 - 2014-12-07 20:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:22 - 2014-12-07 20:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-04 18:39 - 2013-08-07 21:16 - 00000030 _____ () C:\Windows\MaritimeLife.ini
2015-01-04 18:38 - 2013-08-07 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manulife Financial
2015-01-04 18:37 - 2013-10-10 14:42 - 00002077 _____ () C:\Users\Public\Desktop\Manulife Diamond View.lnk
2015-01-04 18:37 - 2013-08-07 19:31 - 00000029 _____ () C:\Windows\MLI.INI
2015-01-04 13:00 - 2014-01-28 20:04 - 00000000 _____ () C:\Users\owner\Documents\Printer PDF
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 22:14 - 2013-10-24 19:21 - 00000000 ____D () C:\Users\owner\Desktop\Rates
2014-12-29 22:14 - 2013-08-08 09:23 - 00000000 ____D () C:\CQWIN
2014-12-28 15:44 - 2013-09-08 20:40 - 00010446 _____ () C:\Windows\SysWOW64\WebUpdateSvc4.log
2014-12-28 15:44 - 2013-09-08 20:40 - 00000031 _____ () C:\Windows\WebUpdateSvc4.INI

==================== Files in the root of some directories =======
2013-08-07 13:18 - 2013-08-07 13:18 - 0012583 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.141841.wdl
2013-08-07 13:19 - 2013-08-07 13:20 - 0013062 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.141956.wdl
2013-08-07 13:40 - 2013-08-07 13:41 - 0020877 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.144057.txt
2013-08-07 13:58 - 2013-08-07 13:58 - 0015787 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.145843.wdl
2013-08-07 13:59 - 2013-08-07 13:59 - 0010791 _____ () C:\Users\owner\AppData\Local\WiDiSetupLog.20130807.145918.txt
2014-11-13 11:17 - 2014-11-13 11:17 - 0002491 _____ () C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 19:13

==================== End Of Log ============================


Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by owner at 2015-01-20 22:44:07
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader 7.03 (HKLM-x32\...\{BDE84496-A26C-4575-BD6C-6FD04CA852D2}) (Version: 1.00.0000 - MultiCompany)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Afaria Client (HKLM-x32\...\Afaria Client) (Version:  - )
Canada Life Reference Material 14.3 (HKLM-x32\...\{CDB131D2-E9C0-40E2-9D9E-4E1ADB1B1820}) (Version: 14.3 - Canada Life)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-119208243-2725590792-2346737686-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CL Sales Strategies 11.3 (HKLM-x32\...\{F094278F-F192-4AA4-A918-9405B8620859}) (Version: 11.3 - Canada Life )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Concourse 1.0 (HKLM-x32\...\{64B54493-BC68-4D6F-B9EB-214E74CC0647}) (Version: 1.0 - London Life)
Concourse 2.3 - Content (HKLM-x32\...\{F153B63A-2894-471E-857E-A64550B03F77}) (Version: 2.3 - London Life)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
Diamond View Launcher (HKLM-x32\...\{A1A9956A-56A2-4933-A4F0-CC236790CC29}) (Version: 4.13.0.1 - Manulife Financial)
Diamond View Launcher (HKLM-x32\...\{C45C544E-5047-11D9-8216-00B0D075DF5C}) (Version: 3.36.0.5 - Manulife Financial)
Diamond View Update (HKLM-x32\...\{32D3C724-3E32-11D9-8211-00B0D075DF5C}) (Version: 7.4.0.1 - Manulife Financial)
FNCInstaller (x32 Version: 12.01.0000 - Flexera Software, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GWL Illustrator (HKLM-x32\...\{1D94A366-64BF-48A1-B86E-BA476C6B616D}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Config (HKLM-x32\...\{010F1EA0-301A-415C-8720-4DF374A810AC}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Par (HKLM-x32\...\{43FC59FF-0EBF-43D6-8E97-CDE47F1CCE4F}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Par Config (HKLM-x32\...\{7BB2FA8A-3928-47E1-8134-69788367EA8E}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Term (HKLM-x32\...\{EC40A6DF-F660-4FD7-ACA5-20D98B032124}) (Version: 2.3.0.0 - Novinsoft Inc.)
GWL Illustrator Term Config (HKLM-x32\...\{73CE5546-7C57-4A6C-8E57-FC1DE455677C}) (Version: 2.3.0.0 - Novinsoft Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Interface (x32 Version: 7.3.0 - Industrial Alliance) Hidden
Interface Suite - Industrial Alliance (HKLM-x32\...\{5D95EE8F-0063-4239-8B12-DF3BD6E5E775}) (Version: 7.4.0 - Industrial Alliance)
K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Manulife - Concept slideshows (HKLM-x32\...\{70867522-4CC7-4BAD-8EBC-048B18807D4D}) (Version: 15.0.0.0 - Novinsoft Inc.)
Manulife - Concepts (HKLM-x32\...\{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}) (Version: 12.3.0.1 - Novinsoft Inc.)
Manulife - Insure Right / Manuvie - Bien s'assurer (HKLM-x32\...\{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}) (Version: 11.5.0.0 - Novinsoft Inc.)
Manulife - Launcher (HKLM-x32\...\{0F1D290F-2EF5-4A39-8882-1B28E4B0E421}) (Version: 15.0.0.2 - Novinsoft Inc.)
Manulife - Level Gold Investment Account - MLLG (HKLM-x32\...\{04956D2A-B448-4031-89B3-2233199BEDE3}) (Version: 15.2.0.7 - Novinsoft Inc.)
Manulife - Living Benefits (HKLM-x32\...\{F04F0485-8587-4EE6-9693-29F0ABFD26F1}) (Version: 15.1.0.0 - Novinsoft Inc.)
Manulife - Performax Gold - Performax Or - MLPG (HKLM-x32\...\{F746658F-170C-41F0-AD5B-DFFB74833AF8}) (Version: 15.2.0.2 - Novinsoft Inc.)
Manulife - Personal Accident/Personal Accident (HKLM-x32\...\{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}) (Version: 14.10.0.1 - Novinsoft Inc.)
Manulife - Synergy / Manuvie - Synergie (HKLM-x32\...\{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}) (Version: 14.15.0.3 -  Novinsoft Inc.)
Manulife - Term (HKLM-x32\...\{308FB486-5CAE-4E6E-893D-D63B080148CD}) (Version: 15.2.0.1 - Novinsoft Inc.)
Manulife - Universal Life (HKLM-x32\...\{95A6F1EB-281E-4613-A7B6-56515A9972C0}) (Version: 15.2.0.2 - Novinsoft Inc.)
Manulife - YRT Gold Investment Account - MLYG (HKLM-x32\...\{4BF2CAE2-CEC4-4D44-8B6A-569397447B8A}) (Version: 15.2.0.7 - Novinsoft Inc.)
Manulife Financial - Health and Dental (HKLM-x32\...\{31E7ACDD-E3E1-4F62-BF05-BDB7F06CFBC3}) (Version: 3.33.0.0 - Manulife Financial)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML (HKLM-x32\...\{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}) (Version: 4.20.9818 - London Life Insurance Company)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG)
RESPXpress (HKLM-x32\...\{8584238F-0A65-4C3C-A418-99AA83D6AE29}) (Version: 5.0.2 - Heritage Education Funds Inc)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.04.63 (28/02/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.99.00(04/02/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung M267x 287x Series (HKLM-x32\...\Samsung M267x 287x Series) (Version: 1.12 (08/03/2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.09.11 (14/01/2013) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.00.49.00 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.5.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.02.0 - )
Windows Driver Package - Intel (ISCT) System  (11/19/2012 1.0.8.0) (HKLM\...\CA4C707033E6E6839178C28396E96859A3F62C5A) (Version: 11/19/2012 1.0.8.0 - Intel)
Windows Driver Package - Realtek Semiconduct Corp. (RSP2STOR) MTD  (05/27/2013 6.2.9200.29065) (HKLM\...\1BB1D7EBACC1BCD1A82C621E1E0BC9B313978951) (Version: 05/27/2013 6.2.9200.29065 - Realtek Semiconduct Corp.)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
ZoomExpressKeyView14.3 (HKLM-x32\...\{E6D6B0DB-6D17-4DFC-B5B3-E9DB7861EB7F}) (Version: 14.3.05 - ...)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

20-01-2015 21:21:32 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16F30BA7-7041-4679-A2D4-638935445461} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {185D3625-2105-4A88-B8D4-DF797B671D4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)
Task: {A1F0A8EE-554B-4FEF-ACC6-4B08F4ED285E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A3DBE1B2-6213-4A02-BD5D-7D4D9771DB01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {D998D867-27FA-458E-AA9D-2816CC895D79} - System32\Tasks\{C2A82D9A-6DB8-4A47-B568-E9722D87E19E} => pcalua.exe -a D:\setup.exe -d D:\
Task: {E9765CCE-6FC5-4FD1-AC1E-4C27164FAF29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-26 10:42 - 2013-06-26 10:42 - 00034304 _____ () C:\Windows\System32\ssa6mlm.dll
2012-02-09 15:26 - 2012-02-09 15:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 15:26 - 2012-02-09 15:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 15:26 - 2012-02-09 15:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2013-08-07 12:23 - 2012-01-09 18:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-01 14:08 - 2012-02-27 23:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-11-19 10:36 - 2014-11-19 10:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-08-01 14:10 - 2013-03-12 00:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-119208243-2725590792-2346737686-500 - Administrator - Disabled)
Guest (S-1-5-21-119208243-2725590792-2346737686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-119208243-2725590792-2346737686-1002 - Limited - Enabled)
owner (S-1-5-21-119208243-2725590792-2346737686-1000 - Administrator - Enabled) => C:\Users\owner

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 09:46:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 09:46:22 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2015 09:46:22 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource    Failed to set max wake duration, error=0.

Error: (01/20/2015 09:46:22 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration   *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2

Error: (01/20/2015 09:36:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 09:36:33 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2015 09:36:33 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::SetTimerSource    Failed to set max wake duration, error=0.

Error: (01/20/2015 09:36:33 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CISCTPnpDriverApi::SetMaxWakeDuration   *****IOCTL_ISCT_SAWD(SAWD) Failed, Error=0x2

System errors:
=============
Error: (01/20/2015 09:46:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/20/2015 09:36:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 38%
Total physical RAM: 3998.36 MB
Available physical RAM: 2451.47 MB
Total Pagefile: 7994.89 MB
Available Pagefile: 6294.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:4.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: FFA717BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Thank you again for your help!


  • 0

#12
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No problem. Do you still get the black command prompt popup or is that resolved?


Please do the following.


Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 132 bytes) and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location (in this case, the Desktop) or the fix will not work.
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


Step#2 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Step#3 - FRST Registry Search
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the word Trovi into the Search box and click the Search Registry button.
    [Screenshot: Search.JPG]
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open, the file should be saved on your desktop named Search.txt.

Step#4 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.


  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked.
  • [Screenshot: 2.JPG]
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • [Screenshot: ThreatsFound.JPG]
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • [Screenshot: CopyToClipboard.JPG]
  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

Items for your next post

1. How's your computer doing?

2. FRST Fix log

3. SecurityCheck log

4. Registry Search results

5. Contents of the ESET log file



  • 0
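
The "Search Registry" step above has FRST look for a string (here "Trovi", the search hijacker whose URL showed up as the Chrome default search provider) anywhere in the registry. The script below is an added example written for this thread, not code from the thread, from FRST or from Farbar, and it does the same kind of sweep in plain PowerShell so a reader can see what such a search actually inspects: key names, value names and value data under a few hives. The hive list in `$Roots`, the `Trovi` default and the function name `Find-RegistryString` are assumptions made for the example; run it from an elevated PowerShell prompt so HKLM is fully readable.

```powershell
# Added example (not from this thread, FRST or Farbar): sweep selected registry
# hives for a string, the way the helper's "Search Registry" step does for "Trovi".
# Assumptions: the hives in $Roots are where browser/search hijackers usually
# leave references; adjust them for your own case. Run elevated.
param(
    [string]$Needle = 'Trovi',
    [string[]]$Roots = @(
        'HKLM:\SOFTWARE',
        'HKLM:\SYSTEM\CurrentControlSet',
        'HKCU:\SOFTWARE'
    )
)

function Find-RegistryString {
    param([string]$Needle, [string[]]$Roots)

    $pattern = "*$Needle*"   # -like is case-insensitive by default

    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }

        # Include the root key itself, then every subkey below it. Keys we are
        # not allowed to open are skipped instead of aborting the whole scan.
        $keys = @(Get-Item -Path $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            # 1. The key name itself contains the string
            if ($key.PSChildName -like $pattern) {
                [pscustomobject]@{ Key = $key.Name; ValueName = '(key name)'; Data = '' }
            }

            # 2. A value name or the value's data contains the string
            foreach ($valueName in $key.GetValueNames()) {
                $data = $key.GetValue($valueName)
                # REG_MULTI_SZ and REG_BINARY come back as arrays; flatten so -like can see them
                if ($data -is [array]) { $dataText = $data -join ' ' } else { $dataText = [string]$data }

                if ($valueName -like $pattern -or $dataText -like $pattern) {
                    if ($valueName -eq '') { $shownName = '(Default)' } else { $shownName = $valueName }
                    [pscustomobject]@{ Key = $key.Name; ValueName = $shownName; Data = $dataText }
                }
            }
        }
    }
}

$hits = @(Find-RegistryString -Needle $Needle -Roots $Roots)
$hits | Format-Table -AutoSize -Wrap
Write-Host ("{0} match(es) for '{1}'" -f $hits.Count, $Needle)
```

Each hit is reported with the full key path, the value name and the matching data, which is what you need in order to decide whether an entry is a leftover from the hijacker or a legitimate reference (an uninstall log, a browser history cache, an AV quarantine record). Note the limits of a registry-only sweep: Chrome keeps its default search provider in the profile's Preferences file, not in the registry, which is why the FRST fix in this thread removes it with a `CHR DefaultSearchURL` line rather than a registry key, so zero hits here does not by itself mean the hijack is gone.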

#13
infected24

infected24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hello,

Thank you again for your reply. Here are the logs requested:

1. How's your computer doing?

Computer is doing much better. The black command prompt popup does not appear anymore. We also do not see any pop ups anymore. Thank you.

My grandfather said his hotmail appeared to be really slow yesterday. I'm not sure if that was because of the virus or maybe the hotmail server in general?

2. FRST Fix log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by owner at 2015-01-21 19:09:37 Run:2
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available profiles: owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CHR DefaultSearchURL: Default -> http://www.trovi.com...archTerms}=
cmd:bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
Chrome DefaultSearchURL deleted successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 203.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:09:56 ====

3. SecurityCheck log

 Results of screen317's Security Check version 0.99.94 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 16.0.0.257 
 Adobe Reader XI 
 Mozilla Firefox 31.0 Firefox out of Date! 
 Google Chrome (39.0.2171.95)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

4. Registry Search results

Hi - please note that I had to redo this step, as the "search" notepad on my desktop was blank when I tried to open it. I also ended up re-doing step 3 (Security Check) above by mistake.

Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by owner at 2015-01-21 21:18:02
Running from C:\Users\owner\Desktop
Boot Mode: Normal

================== Search Registry: "Trovi" ===========

====== End Of Search ======

5. Contents of the ESET log file

C:\FRST\Quarantine\C\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekmcmfmgcfmahepmlihdogclgaepcpn\1.0.1_0\background.js Win32/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekmcmfmgcfmahepmlihdogclgaepcpn\1.0.1_0\content.js Win32/BrowseFox.Q potentially unwanted application
C:\Program Files (x86)\Adobe\819a0e1c-3061-4a00-b044-57e630e24ac8.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\Windows\Installer\MSIBD4A.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\_OTL\MovedFiles\01202015_180426\C_Program Files (x86)\819a0e1c-3061-4a00-b044-57e630e24ac8\4f1bfb37-7858-41c2-a6c3-635d20fd3a8f.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\_OTL\MovedFiles\01202015_180426\C_Users\owner\AppData\Roaming\LHHBL JS/Toolbar.Crossrider.C potentially unwanted application
C:\_OTL\MovedFiles\01202015_180426\C_Users\owner\AppData\Roaming\WZMOWX JS/Toolbar.Crossrider.C potentially unwanted application

Thank you!

#14 BrianDrab
    Trusted Helper, Malware Removal, 3,583 posts

Quoting infected24: "I'm not sure if that was because of the virus or maybe the hotmail server in general?"

Let me know how it is after this fix.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 306 bytes) and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - Update or Remove Firefox

I see that Google Chrome is your primary browser, which is fine. My recommendation is to either uninstall Firefox or update it to the latest version to avoid getting exploited by malware.

Let me know when these are done. Thanks.

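The ESET findings posted in #13 and the fixlist BrianDrab derives from them in #14 follow one rule: anything already under C:\FRST\Quarantine or C:\_OTL\MovedFiles was isolated by the earlier runs, so only the files still live on the system get a fixlist line. The Python below is an added, hypothetical helper (not part of this thread, FRST or ESET) that applies that rule to ESET result lines; the folder prefixes, detection strings and fixlist directives are taken from the logs above.

```python
"""Triage ESET Online Scanner findings before writing an FRST fixlist (hypothetical helper)."""
import re
from typing import Dict, List, Optional

# Folders the earlier OTL/FRST runs in this thread moved files into; a finding under
# them is already isolated, so it is reported but not targeted again.
QUARANTINE_PREFIXES = ("c:\\frst\\quarantine\\", "c:\\_otl\\movedfiles\\")

# An ESET result line is "<path> <detection> <category>". The category is a fixed
# phrase, so anchoring on it lets the path keep its spaces ("Program Files (x86)").
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?\S+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)$"
)

# Sample input: four lines copied from the ESET log posted in #13 above.
SAMPLE_ESET_LOG = [
    r"C:\FRST\Quarantine\C\Users\owner\AppData\Local\Google\Chrome\User Data\Default"
    r"\Extensions\pekmcmfmgcfmahepmlihdogclgaepcpn\1.0.1_0\background.js Win32/BrowseFox.Q potentially unwanted application",
    r"C:\Program Files (x86)\Adobe\819a0e1c-3061-4a00-b044-57e630e24ac8.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application",
    r"C:\Windows\Installer\MSIBD4A.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application",
    r"C:\_OTL\MovedFiles\01202015_180426\C_Users\owner\AppData\Roaming\LHHBL JS/Toolbar.Crossrider.C potentially unwanted application",
]


def parse_eset_line(line: str) -> Optional[Dict[str, object]]:
    """Split one finding into path, detection and category; None for non-finding lines."""
    m = ESET_LINE.match(line.strip())
    if not m:
        return None
    item: Dict[str, object] = m.groupdict()
    item["quarantined"] = str(item["path"]).lower().startswith(QUARANTINE_PREFIXES)
    return item


def triage(lines: List[str]) -> Dict[str, List[Dict[str, object]]]:
    """Separate findings already sitting in a quarantine folder from files still live."""
    findings = [f for f in map(parse_eset_line, lines) if f is not None]
    return {
        "quarantined": [f for f in findings if f["quarantined"]],
        "live": [f for f in findings if not f["quarantined"]],
    }


def build_fixlist(lines: List[str]) -> List[str]:
    """Fixlist in the shape used in #14: restore point, bare paths of live files, temp cleanup."""
    live_paths = [str(f["path"]) for f in triage(lines)["live"]]
    return ["CreateRestorePoint:"] + live_paths + ["EmptyTemp:"]
```

Each live finding is emitted as a bare path because FRST reads a fixlist line as the object to act on; compare the Fixlog in #15, where the pasted lines, detection text included, came back as File/Directory not found.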

#15 infected24
    Member, Topic Starter, 13 posts

Hello,

I have completed the steps you have requested. Here they are:

Step#1 - FRST Fix

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by owner at 2015-01-22 14:12:16 Run:3
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available profiles: owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\Program Files (x86)\Adobe\819a0e1c-3061-4a00-b044-57e630e24ac8.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\Windows\Installer\MSIBD4A.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
cmd:ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
"C:\Program Files (x86)\Adobe\819a0e1c-3061-4a00-b044-57e630e24ac8.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" => File/Directory not found.
"C:\Windows\Installer\MSIBD4A.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" => File/Directory not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 20 MB temporary data.

The system needed a reboot.

==== End of Fixlog 14:12:31 ====

Step#2 - Update or Remove Firefox

I have updated to the most recent version of Firefox.

Thank you!