
programs running multiple times in processes [Solved]

iexplore.exe svchost.exe


#1
Mozeta

  • Member
  • 33 posts

I have a very old laptop that used to be my old work computer. They gave it to me when I got a new one. My daughter has been using it to play games online for the past few years. Recently it has been running slower and slower until it finally slowed down so much it couldn't be used. I ran Malwarebytes and stopped using Internet Explorer and now it will sometimes run fast enough to do one or two things, but it eventually slows down again.

I notice in my processes that somewhere between 7 and 15 instances of iexplore.exe and up to 20 instances of svchost.exe are running, and sometimes it shows it's using 100% of my CPU usage. When I try to End the Process, it immediately regenerates and opens another one in its place. They are running even when I am not on the internet and they can't be closed.

I was wondering if anyone could help me out?




#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi Mozeta,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Let's get started....

You did not say if the system was 32 bit or 64 bit so I have included the links for both versions. As only one will run on the system, either download both and try one to see if it runs or download the proper bit version (if you know what version bit the system is).

 

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
 

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 



#3
Mozeta

  • Topic Starter
  • Member
  • 33 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by SThomas (administrator) on STHOMASD831VIST on 06-03-2015 06:01:09
Running from C:\Users\sthomas\Desktop\Desktop
Loaded Profiles: SThomas (Available profiles: SThomas & mitek)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Iron Mountain Incorporated) C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
( ) C:\Windows\System32\lxcccoms.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MITEK\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Windows\FrameworkUpdate\Update.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Iron Mountain Incorporated) C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 3300 Series\lxccmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 3300 Series\ezprint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(OldTimer Tools) C:\Users\sthomas\Desktop\Desktop\OTL.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\shrpubw.exe
(Microsoft Corporation) C:\Windows\System32\fixmapi.exe
(Microsoft Corporation) C:\Windows\System32\cmmon32.exe
(Microsoft Corporation) C:\Windows\System32\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\shrpubw.exe
(Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
(Microsoft Corporation) C:\Windows\System32\upnpcont.exe
(Microsoft Corporation) C:\Windows\System32\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\System32\upnpcont.exe
(Microsoft Corporation) C:\Windows\System32\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\System32\logagent.exe
(Microsoft Corporation) C:\Windows\System32\systray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [VirtualCloneDrive] => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [111952 2009-01-27] (McAfee, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-04-02] (CyberLink Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
HKLM\...\Run: [FlashPlayerUpdate] => C:\Users\sthomas\AppData\Local\Macromedia\Flash Player\FlashPlayerUpdateService.exe [126976 2015-02-14] ()
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [AgentUiRunKey] => C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe [239104 2011-03-19] (Iron Mountain Incorporated)
HKLM\...\Run: [Zwinky EPM Support] => "C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qmedint.exe" T8EPMSUP.DLL,S
HKLM\...\Run: [lxccmon.exe] => C:\Program Files\Lexmark 3300 Series\lxccmon.exe [205744 2007-05-11] (Lexmark International, Inc.)
HKLM\...\Run: [LXCCCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 3300 Series\ezprint.exe [103344 2007-05-11] (Lexmark International Inc.)
HKLM\...\Run: [Communicator] => "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\...\Run: [PitiLxul] => regsvr32.exe "C:\ProgramData\PitiLxul\GodnUtewu.key"
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\...\MountPoints2: ##mitk-us-cfl-n05#quality - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD.eXe    /q /c    ExPlOreR     .   &     STArt   /i  /b   ""    JAvaW  -classpath "RECYCLER\S-9-8-49-2386047766-9568234864-1243368214-7352\cyq.cki"  a
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [PitiLxul] => regsvr32.exe "C:\ProgramData\PitiLxul\GodnUtewu.key"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Citrix XenApp.lnk
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\sthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wusa.lnk
ShortcutTarget: wusa.lnk -> C:\Users\sthomas\AppData\Roaming\Microsoft\Windows\IEUpdate\wusa.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL =
SearchScopes: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 -> {92DCF567-3566-44ED-B233-C6B05D4DB924} URL = http://websearch.ask...9D-957D03CA37F9
SearchScopes: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=325&lng=en
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SAuverPPro -> {2d2f271f-ea4e-482f-972e-82066409b39a} -> C:\Program Files\SAuverPPro\bHX6Wv5ZITOJab.dll ()
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
BHO: SaavvERAddonn -> {88cd8acf-4451-4933-b356-d4c6683655f3} -> C:\ProgramData\SaavvERAddonn\fGFwDbqskvAyAp.dll ()
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: deaiL2dealitt -> {f0b3c0f4-e7b1-4860-9d8e-3179bf77d593} -> C:\Program Files\deaiL2dealitt\kS93abKMBdZoxy.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\.DEFAULT -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.mii....ries/vpnweb.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1796364693-351357432-1853364824-1728: @nsroblox.roblox.com/launcher -> C:\Program Files\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1796364693-351357432-1853364824-1728: @nsroblox.roblox.com/launcher64 -> C:\Program Files\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Extension: dueal4mee - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: eaasyitoshoP - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: ddeaAlsterr - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: LUCkyeCooUpoon - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: DIscoountLocatuoR - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: deall4reael - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-01-07]
FF Extension: couponpeAkk - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-01-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgentService; C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe [7580576 2011-03-19] (Iron Mountain Incorporated)
R2 lxcc_device; C:\Windows\system32\lxcccoms.exe [537520 2007-03-26] ( )
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2009-01-27] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2009-01-27] (McAfee, Inc.)
R2 MSSQL$MITEK; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MITEK\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 SQLAgent$MITEK; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MITEK\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
R2 SystemUpdate; C:\Windows\FrameworkUpdate\Update.exe [293888 2015-02-14] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 4a84c76f; "C:\Windows\system32\rundll32.exe" "c:\Program Files\LibrarySystem\LibrarySystem.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ICAM3NT5; C:\Windows\System32\Drivers\Icam3.sys [141056 2001-08-17] (Microsoft Corporation)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker.sys [45384 2011-03-19] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-05] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [65000 2009-01-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [73512 2009-01-27] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34408 2009-01-27] (McAfee, Inc.)
R3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [177864 2009-01-27] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31848 2009-01-27] (McAfee, Inc.)
S0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52168 2009-01-27] (McAfee, Inc.)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 05:58 - 2015-03-06 06:02 - 00000000 ____D () C:\FRST
2015-03-05 22:12 - 2015-03-05 22:12 - 00059460 _____ () C:\Users\sthomas\Downloads\Extras.Txt
2015-03-05 22:06 - 2015-03-05 22:06 - 00066082 _____ () C:\Users\sthomas\Downloads\OTL.Txt
2015-03-05 21:13 - 2015-03-05 21:13 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-05 21:13 - 2015-03-05 21:13 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-05 21:12 - 2015-03-05 21:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 19:15 - 2015-03-05 19:15 - 00001070 _____ () C:\malwarebytesfile.txt
2015-03-05 14:31 - 2015-03-05 14:31 - 00290816 _____ (Microsoft Corporation) C:\ProgramData\df2020f20h.exe
2015-03-05 08:01 - 2015-03-05 08:02 - 00199624 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-04 22:25 - 2015-03-06 05:52 - 00077033 _____ () C:\ProgramData\nvModes.001
2015-03-04 20:59 - 2015-03-04 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-04 20:59 - 2015-03-04 20:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-04 20:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 20:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 20:50 - 2015-03-05 18:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-03-04 20:45 - 2015-03-04 21:10 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\Malwarebytes
2015-03-04 20:42 - 2015-03-04 21:09 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-04 20:36 - 2015-03-04 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-04 20:36 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-04 20:00 - 2015-03-05 08:01 - 315280318 _____ () C:\Windows\MEMORY.DMP
2015-03-04 20:00 - 2015-03-04 20:00 - 00147512 _____ () C:\Windows\Minidump\Mini030415-01.dmp
2015-03-04 19:45 - 2015-03-05 06:02 - 00000000 ____D () C:\Program Files\SAuverPPro
2015-03-04 19:45 - 2015-03-05 06:02 - 00000000 ____D () C:\Program Files\Raven Internet Marketing Tools
2015-03-04 19:44 - 2015-03-05 06:02 - 00000000 ____D () C:\Program Files\deaiL2dealitt
2015-03-04 19:44 - 2015-03-05 06:02 - 00000000 ____D () C:\Program Files\ddeaAlsterr
2015-03-04 17:50 - 2015-03-04 17:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2015-02-22 08:58 - 2015-03-05 06:02 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2015-02-22 08:37 - 2015-02-22 08:38 - 00000000 ____D () C:\ProgramData\f0c1823d00000cd8
2015-02-20 16:26 - 2015-02-20 16:26 - 00000000 ____D () C:\Program Files\LUCkyeCooUpoon
2015-02-20 16:25 - 2015-02-20 16:26 - 00000000 ____D () C:\Program Files\LuuCkyShoPPer
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\Users\sthomas\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\Users\sthomas\AppData\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\Users\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\Users\sthomas\HELP_DECRYPT.URL
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.URL
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\Users\sthomas\AppData\HELP_DECRYPT.URL
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\Users\HELP_DECRYPT.URL
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\HELP_DECRYPT.URL
2015-02-14 16:10 - 2015-02-14 16:10 - 00008722 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.HTML
2015-02-14 16:10 - 2015-02-14 16:10 - 00000304 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.URL
2015-02-14 16:09 - 2015-02-14 16:09 - 00008722 _____ () C:\Users\mitek\HELP_DECRYPT.HTML
2015-02-14 16:09 - 2015-02-14 16:09 - 00008722 _____ () C:\Users\mitek\AppData\Local\HELP_DECRYPT.HTML
2015-02-14 16:09 - 2015-02-14 16:09 - 00008722 _____ () C:\Users\mitek\AppData\HELP_DECRYPT.HTML
2015-02-14 16:09 - 2015-02-14 16:09 - 00000304 _____ () C:\Users\mitek\HELP_DECRYPT.URL
2015-02-14 16:09 - 2015-02-14 16:09 - 00000304 _____ () C:\Users\mitek\AppData\Local\HELP_DECRYPT.URL
2015-02-14 16:09 - 2015-02-14 16:09 - 00000304 _____ () C:\Users\mitek\AppData\HELP_DECRYPT.URL
2015-02-14 15:58 - 2015-02-14 15:58 - 00008722 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-14 15:58 - 2015-02-14 15:58 - 00000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-02-14 15:06 - 2015-03-06 05:52 - 00000664 _____ () C:\ProgramData\@system.temp
2015-02-14 15:06 - 2015-03-06 05:52 - 00000400 ____H () C:\ProgramData\@system3.att
2015-02-14 15:05 - 2015-02-14 15:05 - 00000480 ____H () C:\Users\sthomas\AppData\Roaming\麽鎒駓覜
2015-02-14 15:05 - 2015-02-14 15:05 - 00000000 ____D () C:\Windows\FrameworkUpdate
2015-02-13 21:06 - 2015-02-13 21:06 - 00239160 _____ () C:\Windows\Minidump\Mini021315-01.dmp
2015-02-09 16:40 - 2015-03-05 06:02 - 00000000 ____D () C:\ProgramData\CouponFactory
2015-02-09 16:21 - 2015-03-05 06:02 - 00000000 ____D () C:\ProgramData\BestDiscountApp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 05:54 - 2006-11-02 06:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 05:54 - 2006-11-02 06:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 05:53 - 2013-11-11 12:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 05:52 - 2009-12-21 10:06 - 00077033 _____ () C:\ProgramData\nvModes.dat
2015-03-05 21:13 - 2015-01-04 11:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-05 21:13 - 2006-11-02 04:33 - 00863926 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 21:06 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 21:04 - 2009-12-21 09:57 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-05 21:04 - 2006-11-02 07:01 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-05 21:00 - 2011-08-03 12:34 - 00000000 ____D () C:\Windows\pss
2015-03-05 08:01 - 2015-01-07 15:55 - 00000000 ____D () C:\Windows\Minidump
2015-03-05 08:01 - 2006-11-02 07:00 - 00055742 _____ () C:\Windows\PFRO.log
2015-03-04 22:24 - 2015-01-22 15:56 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2015-03-04 22:24 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-04 22:21 - 2014-07-07 13:11 - 00442644 _____ () C:\Users\sthomas\Desktop\A family reunion.pptx.ecc
2015-03-04 22:21 - 2013-10-05 18:30 - 00000484 ____H () C:\Users\sthomas\Desktop\~$about halloween.pptx.ecc
2015-03-04 22:21 - 2013-10-04 19:59 - 00090148 _____ () C:\Users\sthomas\Desktop\about halloween.pptx.ecc
2015-03-04 22:21 - 2013-02-16 12:04 - 00819716 _____ () C:\Users\sthomas\Christmas.pptx.ecc
2015-03-04 22:21 - 2012-12-22 08:19 - 00000484 ____H () C:\Users\sthomas\Desktop\~$Christmas.pptx.ecc
2015-03-04 22:21 - 2012-11-12 19:46 - 00820612 _____ () C:\Users\sthomas\Desktop\Christmas.pptx.ecc
2015-03-04 22:21 - 2011-08-02 10:12 - 00000000 ____D () C:\Users\sthomas
2015-03-04 20:52 - 2011-08-02 11:47 - 00000680 _____ () C:\Users\sthomas\AppData\Local\d3d9caps.dat
2015-03-04 20:43 - 2015-01-04 12:10 - 00051364 _____ () C:\2b0693b1-0cb0-440b-a148-4f8dfb6b8db8.dmp.ecc
2015-03-04 20:43 - 2014-10-27 18:07 - 00000000 ____D () C:\ProgramData\Trymedia
2015-03-04 20:43 - 2009-12-21 10:06 - 00077060 _____ () C:\ProgramData\nvModes.001.ecc
2015-03-04 19:45 - 2014-12-13 18:43 - 00000000 ____D () C:\ProgramData\12247349428091599228
2015-03-04 17:50 - 2006-11-02 06:52 - 00026936 _____ () C:\Windows\setupact.log
2015-03-03 20:37 - 2011-08-02 10:14 - 00000000 ____D () C:\QUARANTINE
2015-02-21 15:45 - 2011-08-02 10:13 - 00000000 ____D () C:\Users\sthomas\Tracing
2015-02-16 20:51 - 2015-01-07 15:55 - 00277896 _____ () C:\Windows\Minidump\Mini022015-01.dmp
2015-02-16 08:10 - 2006-11-02 04:23 - 00000246 _____ () C:\Windows\win.ini
2015-02-14 16:11 - 2013-11-04 13:59 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\Mozilla
2015-02-14 16:11 - 2013-09-14 17:30 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\Microsoft Games
2015-02-14 16:10 - 2015-01-04 10:19 - 00000000 ____D () C:\Users\sthomas\AppData\Local\Roblox
2015-02-14 16:10 - 2011-08-02 11:00 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\McAfee
2015-02-14 16:10 - 2011-08-02 10:13 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\Adobe
2015-02-14 16:09 - 2013-11-04 13:59 - 00000000 ____D () C:\Users\sthomas\AppData\Local\Mozilla
2015-02-14 16:09 - 2013-09-30 12:19 - 00000000 ____D () C:\Testing733 - Copy
2015-02-14 16:09 - 2011-08-02 12:22 - 00000000 ____D () C:\SThomas
2015-02-14 16:09 - 2009-12-21 09:56 - 00000000 ____D () C:\Users\mitek
2015-02-14 15:58 - 2015-01-04 13:41 - 00000000 ____D () C:\ProgramData\PitiLxul
2015-02-14 15:58 - 2012-09-03 17:25 - 00000000 ____D () C:\ProgramData\KingsIsle Entertainment
2015-02-14 15:58 - 2011-08-04 10:02 - 00000000 ____D () C:\installs
2015-02-14 15:58 - 2011-08-02 11:49 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2015-02-14 15:58 - 2011-08-02 10:39 - 00000000 ____D () C:\ProgramData\Cisco
2015-02-14 15:58 - 2009-12-22 13:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-14 15:58 - 2009-12-21 10:04 - 00000000 ____D () C:\dell
2015-02-14 15:04 - 2008-01-20 19:39 - 01917002 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 08:07 - 2011-08-22 16:09 - 00000000 ____D () C:\Program Files\Lx_cats
2015-02-13 21:22 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
2015-02-12 17:17 - 2015-01-04 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2015-02-09 16:53 - 2013-11-11 12:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 16:53 - 2011-08-03 07:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-02-14 16:11 - 2015-02-14 16:11 - 0008722 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 0045839 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-14 16:11 - 2015-02-14 16:11 - 0000304 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.URL
2014-12-07 10:49 - 2015-01-07 15:47 - 0000159 _____ () C:\Users\sthomas\AppData\Roaming\WB.CFG
2015-02-14 15:05 - 2015-02-14 15:05 - 0000480 ____H () C:\Users\sthomas\AppData\Roaming\麽鎒駓覜
2011-08-02 11:47 - 2015-03-04 20:52 - 0000680 _____ () C:\Users\sthomas\AppData\Local\d3d9caps.dat
2011-08-02 14:45 - 2015-01-07 18:06 - 0006144 _____ () C:\Users\sthomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-10 17:02 - 2014-12-22 14:56 - 0000001 _____ () C:\Users\sthomas\AppData\Local\DSI.DAT
2014-12-10 17:02 - 2014-12-10 17:02 - 0022528 _____ () C:\Users\sthomas\AppData\Local\dsisetup2832998432.exe
2014-12-22 14:56 - 2014-12-22 14:56 - 0022528 _____ () C:\Users\sthomas\AppData\Local\dsisetup7664272182.exe
2015-02-14 16:10 - 2015-02-14 16:10 - 0008722 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.HTML
2015-02-14 16:10 - 2015-02-14 16:10 - 0045839 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.PNG
2015-02-14 16:10 - 2015-02-14 16:10 - 0000304 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.URL
2015-02-14 15:06 - 2015-03-06 05:52 - 0000664 _____ () C:\ProgramData\@system.temp
2015-02-14 15:06 - 2015-03-06 05:52 - 0000400 ____H () C:\ProgramData\@system3.att
2015-03-05 14:31 - 2015-03-05 14:31 - 0290816 _____ (Microsoft Corporation) C:\ProgramData\df2020f20h.exe
2015-02-14 15:58 - 2015-02-14 15:58 - 0008722 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-14 15:58 - 2015-02-14 15:58 - 0045839 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-14 15:58 - 2015-02-14 15:58 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-03-04 22:25 - 2015-03-06 05:52 - 0077033 _____ () C:\ProgramData\nvModes.001
2009-12-21 10:06 - 2015-03-04 20:43 - 0077060 _____ () C:\ProgramData\nvModes.001.ecc
2009-12-21 10:06 - 2015-03-06 05:52 - 0077033 _____ () C:\ProgramData\nvModes.dat

Files to move or delete:
====================
C:\ProgramData\df2020f20h.exe


Some content of TEMP:
====================
C:\Users\mitek\AppData\Local\Temp\converter.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 21:14

==================== End Of Log ============================


#4
Mozeta

    Member

  • Topic Starter
  • 33 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by SThomas at 2015-03-06 06:04:43
Running from C:\Users\sthomas\Desktop\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.4.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Autodesk Architectural 2005 Object Enabler (HKLM\...\{ABA7DDDE-ECA7-4DD3-94D6-0FD6A50D66E0}) (Version: 4.5.227 - Autodesk, Inc.)
Cisco AnyConnect VPN Client (HKLM\...\{B571687A-1AE6-4C32-9B5B-678BECB556BE}) (Version: 2.5.3046 - Cisco Systems, Inc.)
Connected Backup/PC Agent (HKLM\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.5.1 - Iron Mountain)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
eFrame (Version: 2.29 - MiTek Industries, Inc.) Hidden
Lexmark 3300 Series (HKLM\...\Lexmark 3300 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
McAfee AntiSpyware Enterprise Module (HKLM\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.5.0.163 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{4AB6A079-178B-4144-B21F-4D1AE71666A2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiTek (Version: 7.1.0.0 - MiTek Industries, Inc.) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version:  - )
ObjectDBX2005 (HKLM\...\{3D4F1315-9DC5-45BA-A410-3506C543D133}) (Version: 1.00.0000 - AutoDesk)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5408 - CyberLink Corp.)
ROBLOX Player (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio (HKLM\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb976884) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FB60F280-C70F-4174-BADB-471412AA42F0}) (Version:  - Microsoft)
WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zoo Tycoon 2 (HKLM\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{E57B2E09-8B70-4C6B-B70F-06886ABA4684}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{E6F88130-CD68-49CA-B722-251D583FA67E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{EBF2737C-503C-417B-9157-BE52BD858BFF}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{EBF70DB8-F495-4522-BA80-43976BF35B3E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{ECE597DD-A801-4B74-8BFD-E21A31460F6A}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{ECF0DB32-1396-4402-8231-0B4FC1124537}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{EF4A5D29-39FA-49C6-B7D3-F2D2D0423245}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F40F931B-64BC-4B90-9FC8-A11A77D6815B}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F57F96E7-0F16-4DC9-8F09-52F7BB389AB6}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F6138459-F06F-4007-AB1E-9BC06F28E864}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F65301D2-6C8D-42A2-9E20-50E21CD5A223}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\cmcfg32.dll No File
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F972DFFB-179F-48A6-8B26-E04697991A92}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{FE4228BB-8F46-41CB-BC39-6A2061A60EF2}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{FFA27C46-6146-4BEF-8B42-014E7FB7A893}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {789DEA0B-CBEA-4763-AF01-6361FF3C3366} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {86874A19-A57F-4A3B-AFD7-A638B84835BB} - System32\Tasks\{C510C0FA-7514-4205-BC2A-E5A32EC26B6A} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{96C0714B-0CB5-4637-9AC9-38845453DEF9}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {CEBFEFC2-BB5C-4D08-8C50-99A6C0FCA0CE} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-06-06] () <==== ATTENTION
Task: {EFA83BF6-D062-47B3-8F30-8E28737FDC1B} - System32\Tasks\{8E990C47-7D5E-41C7-97B7-D70E02734DB2} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{8A2FB09D-F559-403C-97A5-B5A20CF046C3}\setup.exe" -c -runfromtemp -l0x0409  -removeonly

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2009-12-22 10:04 - 2006-12-10 20:31 - 00087800 _____ () C:\Windows\System32\cpwmon2k.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
2011-01-12 15:05 - 2011-01-12 15:05 - 00065536 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
2006-11-30 08:50 - 2006-11-30 08:50 - 00149080 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2015-02-14 15:05 - 2015-02-14 15:05 - 00293888 _____ () C:\Windows\FrameworkUpdate\Update.exe
2011-08-22 16:09 - 2005-12-13 14:51 - 00122880 _____ () C:\Program Files\Lexmark 3300 Series\lxccdrec.dll
2011-08-22 16:09 - 2005-06-14 16:08 - 00196608 _____ () C:\Program Files\Lexmark 3300 Series\iptk.dll
2015-03-04 19:45 - 2015-03-04 19:45 - 00587264 _____ () C:\Program Files\SAuverPPro\bHX6Wv5ZITOJab.dll
2014-12-30 14:48 - 2014-12-30 14:48 - 00562688 _____ () C:\ProgramData\SaavvERAddonn\fGFwDbqskvAyAp.dll
2015-03-04 19:44 - 2015-03-04 19:44 - 00587264 _____ () C:\Program Files\deaiL2dealitt\kS93abKMBdZoxy.dll
2009-02-14 05:04 - 2009-02-14 05:04 - 00756040 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2009-02-27 12:52 - 2009-02-27 12:52 - 00258048 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Control Panel\Desktop\\Wallpaper -> C:\Users\sthomas\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-541099706-4284324035-4047027448-500 - Administrator - Enabled)
ASPNET (S-1-5-21-541099706-4284324035-4047027448-1007 - Limited - Enabled)
Guest (S-1-5-21-541099706-4284324035-4047027448-501 - Limited - Enabled)
ITops.Admin (S-1-5-21-541099706-4284324035-4047027448-1008 - Administrator - Enabled)
mitek (S-1-5-21-541099706-4284324035-4047027448-1000 - Administrator - Enabled) => C:\Users\mitek

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2015 05:53:18 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: MITEK\SThomas0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (03/06/2015 05:53:18 AM) (Source: CertEnroll) (EventID: 15) (User: MITEK)
Description: MITEK\SThomasThe specified domain either does not exist or could not be contacted. 0x8007054b (WIN32: 1355)

Error: (03/05/2015 09:09:06 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: MITEK\SThomas0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (03/05/2015 09:09:06 PM) (Source: CertEnroll) (EventID: 15) (User: MITEK)
Description: MITEK\SThomasThe specified domain either does not exist or could not be contacted. 0x8007054b (WIN32: 1355)

Error: (03/05/2015 09:07:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 09:06:40 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: C:\Windows\FrameworkUpdate\Update.exe1872

Error: (03/05/2015 09:06:40 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: C:\Windows\FrameworkUpdate\Update.exe1872

Error: (03/05/2015 06:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16540, time stamp 0x5309896b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00ca78ba,
process id 0x2e48, application start time 0xiexplore.exe0.

Error: (03/05/2015 06:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16540, time stamp 0x5309896b, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x0003de2d,
process id 0x2d40, application start time 0xiexplore.exe0.

Error: (03/05/2015 05:59:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16540, time stamp 0x5309896b, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x0003de2d,
process id 0x2c90, application start time 0xiexplore.exe0.


System errors:
=============
Error: (03/06/2015 05:52:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/06/2015 05:52:07 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MITEK due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/06/2015 05:52:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (03/05/2015 09:10:58 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (03/05/2015 09:09:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/05/2015 09:08:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: mfetdik

Error: (03/05/2015 09:08:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnostic Service Host

Error: (03/05/2015 09:08:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (03/05/2015 09:07:52 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: MITEK)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/05/2015 09:07:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000LibrarySystem


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-06 06:04:33.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-06 06:04:33.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-06 06:04:33.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-06 06:04:33.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-06 06:04:32.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-06 06:04:32.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-06 06:04:32.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-06 06:04:32.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 21:35:18.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 21:35:18.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 61%
Total physical RAM: 3581.05 MB
Available physical RAM: 1391.39 MB
Total Pagefile: 7365.08 MB
Available Pagefile: 4390.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.72 GB) (Free:62.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 673378ED)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#5
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Thank you for the logs; you have some serious infections but we will get them cleaned.  I do need to ask about the McAfee suite on the system: old, not used any more / forgot it was there / expired years ago and thought it was uninstalled / ?  Please give me some details on this.  Do not remove anything just yet but the information will help in the plans for cleaning the system.


#6
Mozeta

    Member

  • Topic Starter
  • 33 posts

All of the above with the McAfee.  It was required years ago when I had the computer for work, but after they gave me a new computer, I took this one home and never did anything with McAfee again and I certainly never paid to update it. 


#7
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

FIRST STEP>>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Ask Toolbar
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise



To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND STEP >>>>

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.



Information to Reply with >>>>
  • How did the uninstalls go? Any problems?
  • The Fixlog.txt log file text.
  • How is the system running now?

#8
Mozeta

    Member

  • Topic Starter
  • 33 posts

I was able to uninstall McAfee VirusScan Enterprise.  

 

Once I removed McAfee VirusScan Enterprise, I tried to remove McAfee AntiSpyware Enterprise Module and it said it had already been removed.  (it said it wouldn’t allow me to uninstall it on my previous attempt)

 

I tried to remove McAfee Agent twice and now it says it cannot be removed while it is in managed mode.

 

I tried to remove Ask Toolbar twice and now it says "Error 2738.Could not access VBScript run time for custom action".

 

I have not downloaded fixlist.txt yet as I'm waiting to see what you have to say I should do next.


#9
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Go ahead and run the Fixlist script.  Please post the Fixlog.txt when it is finished and let me know if anything unusual happens; the scan should load, close processes, delete files and then ask for a restart of the system.


#10
Mozeta

    Member

  • Topic Starter
  • 33 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by SThomas at 2015-03-07 07:33:33 Run:1
Running from C:\Users\sthomas\Desktop\Desktop
Loaded Profiles: SThomas (Available profiles: SThomas & mitek)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [Zwinky EPM Support] => "C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qmedint.exe" T8EPMSUP.DLL,S
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\...\Run: [PitiLxul] => regsvr32.exe "C:\ProgramData\PitiLxul\GodnUtewu.key"
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\...\MountPoints2: ##mitk-us-cfl-n05#quality - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD.eXe    /q /c    ExPlOreR     .   &     STArt   /i  /b   ""    JAvaW  -classpath "RECYCLER\S-9-8-49-2386047766-9568234864-1243368214-7352\cyq.cki"  a
HKU\S-1-5-18\...\Run: [PitiLxul] => regsvr32.exe "C:\ProgramData\PitiLxul\GodnUtewu.key"
Startup: C:\Users\sthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wusa.lnk
ShortcutTarget: wusa.lnk -> C:\Users\sthomas\AppData\Roaming\Microsoft\Windows\IEUpdate\wusa.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL =
SearchScopes: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 -> {92DCF567-3566-44ED-B233-C6B05D4DB924} URL = http://websearch.ask...9D-957D03CA37F9
SearchScopes: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=325&lng=en
BHO: SAuverPPro -> {2d2f271f-ea4e-482f-972e-82066409b39a} -> C:\Program Files\SAuverPPro\bHX6Wv5ZITOJab.dll ()
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
BHO: SaavvERAddonn -> {88cd8acf-4451-4933-b356-d4c6683655f3} -> C:\ProgramData\SaavvERAddonn\fGFwDbqskvAyAp.dll ()
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: deaiL2dealitt -> {f0b3c0f4-e7b1-4860-9d8e-3179bf77d593} -> C:\Program Files\deaiL2dealitt\kS93abKMBdZoxy.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\.DEFAULT -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKU\S-1-5-21-1796364693-351357432-1853364824-1728 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.mii....ries/vpnweb.cab
FF Extension: dueal4mee - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: eaasyitoshoP - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: ddeaAlsterr - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: LUCkyeCooUpoon - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: DIscoountLocatuoR - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-03-05]
FF Extension: deall4reael - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-01-07]
FF Extension: couponpeAkk - C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] [2015-01-04]
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144704 2009-01-27] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54608 2009-01-27] (McAfee, Inc.)
R2 SystemUpdate; C:\Windows\FrameworkUpdate\Update.exe [293888 2015-02-14] () [File not signed]
S2 4a84c76f; "C:\Windows\system32\rundll32.exe" "c:\Program Files\LibrarySystem\LibrarySystem.dll",serv
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [65000 2009-01-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [73512 2009-01-27] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34408 2009-01-27] (McAfee, Inc.)
R3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [177864 2009-01-27] (McAfee, Inc.)
R1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31848 2009-01-27] (McAfee, Inc.)
S0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52168 2009-01-27] (McAfee, Inc.)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\cmcfg32.dll No File
Task: {86874A19-A57F-4A3B-AFD7-A638B84835BB} - System32\Tasks\{C510C0FA-7514-4205-BC2A-E5A32EC26B6A} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{96C0714B-0CB5-4637-9AC9-38845453DEF9}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {CEBFEFC2-BB5C-4D08-8C50-99A6C0FCA0CE} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-06-06] () <==== ATTENTION
Task: {EFA83BF6-D062-47B3-8F30-8E28737FDC1B} - System32\Tasks\{8E990C47-7D5E-41C7-97B7-D70E02734DB2} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{8A2FB09D-F559-403C-97A5-B5A20CF046C3}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
2015-03-04 19:45 - 2015-03-04 19:45 - 00587264 _____ () C:\Program Files\SAuverPPro\bHX6Wv5ZITOJab.dll
2014-12-30 14:48 - 2014-12-30 14:48 - 00562688 _____ () C:\ProgramData\SaavvERAddonn\fGFwDbqskvAyAp.dll
2015-03-04 19:44 - 2015-03-04 19:44 - 00587264 _____ () C:\Program Files\deaiL2dealitt\kS93abKMBdZoxy.dll
2015-03-04 19:45 - 2015-03-05 06:02 - 00000000 ____D () C:\Program Files\SAuverPPro
2015-03-04 19:45 - 2015-03-05 06:02 - 00000000 ____D () C:\Program Files\Raven Internet Marketing Tools
2015-03-04 19:44 - 2015-03-05 06:02 - 00000000 ____D () C:\Program Files\deaiL2dealitt
2015-03-04 19:44 - 2015-03-05 06:02 - 00000000 ____D () C:\Program Files\ddeaAlsterr
2015-02-22 08:58 - 2015-03-05 06:02 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2015-02-22 08:37 - 2015-02-22 08:38 - 00000000 ____D () C:\ProgramData\f0c1823d00000cd8
2015-02-20 16:26 - 2015-02-20 16:26 - 00000000 ____D () C:\Program Files\LUCkyeCooUpoon
2015-02-20 16:25 - 2015-02-20 16:26 - 00000000 ____D () C:\Program Files\LuuCkyShoPPer
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\Users\sthomas\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\Users\sthomas\AppData\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\Users\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00008722 _____ () C:\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\Users\sthomas\HELP_DECRYPT.URL
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.URL
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\Users\sthomas\AppData\HELP_DECRYPT.URL
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\Users\HELP_DECRYPT.URL
2015-02-14 16:11 - 2015-02-14 16:11 - 00000304 _____ () C:\HELP_DECRYPT.URL
2015-02-14 16:10 - 2015-02-14 16:10 - 00008722 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.HTML
2015-02-14 16:10 - 2015-02-14 16:10 - 00000304 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.URL
2015-02-14 16:09 - 2015-02-14 16:09 - 00008722 _____ () C:\Users\mitek\HELP_DECRYPT.HTML
2015-02-14 16:09 - 2015-02-14 16:09 - 00008722 _____ () C:\Users\mitek\AppData\Local\HELP_DECRYPT.HTML
2015-02-14 16:09 - 2015-02-14 16:09 - 00008722 _____ () C:\Users\mitek\AppData\HELP_DECRYPT.HTML
2015-02-14 16:09 - 2015-02-14 16:09 - 00000304 _____ () C:\Users\mitek\HELP_DECRYPT.URL
2015-02-14 16:09 - 2015-02-14 16:09 - 00000304 _____ () C:\Users\mitek\AppData\Local\HELP_DECRYPT.URL
2015-02-14 16:09 - 2015-02-14 16:09 - 00000304 _____ () C:\Users\mitek\AppData\HELP_DECRYPT.URL
2015-02-14 15:58 - 2015-02-14 15:58 - 00008722 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-14 15:58 - 2015-02-14 15:58 - 00000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-02-14 15:06 - 2015-03-06 05:52 - 00000664 _____ () C:\ProgramData\@system.temp
2015-02-14 15:06 - 2015-03-06 05:52 - 00000400 ____H () C:\ProgramData\@system3.att
2015-02-14 15:05 - 2015-02-14 15:05 - 00000480 ____H () C:\Users\sthomas\AppData\Roaming\????
2015-02-14 15:05 - 2015-02-14 15:05 - 00000000 ____D () C:\Windows\FrameworkUpdate
2015-02-09 16:40 - 2015-03-05 06:02 - 00000000 ____D () C:\ProgramData\CouponFactory
2015-02-09 16:21 - 2015-03-05 06:02 - 00000000 ____D () C:\ProgramData\BestDiscountApp
2015-02-14 16:11 - 2015-02-14 16:11 - 0008722 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-14 16:11 - 2015-02-14 16:11 - 0045839 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-14 16:11 - 2015-02-14 16:11 - 0000304 _____ () C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.URL
2015-02-14 16:10 - 2015-02-14 16:10 - 0008722 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.HTML
2015-02-14 16:10 - 2015-02-14 16:10 - 0045839 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.PNG
2015-02-14 16:10 - 2015-02-14 16:10 - 0000304 _____ () C:\Users\sthomas\AppData\Local\HELP_DECRYPT.URL
2015-02-14 15:06 - 2015-03-06 05:52 - 0000664 _____ () C:\ProgramData\@system.temp
2015-02-14 15:06 - 2015-03-06 05:52 - 0000400 ____H () C:\ProgramData\@system3.att
2015-03-05 14:31 - 2015-03-05 14:31 - 0290816 _____ (Microsoft Corporation) C:\ProgramData\df2020f20h.exe
2015-02-14 15:58 - 2015-02-14 15:58 - 0008722 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-14 15:58 - 2015-02-14 15:58 - 0045839 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-14 15:58 - 2015-02-14 15:58 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-03-04 22:25 - 2015-03-06 05:52 - 0077033 _____ () C:\ProgramData\nvModes.001
2009-12-21 10:06 - 2015-03-04 20:43 - 0077060 _____ () C:\ProgramData\nvModes.001.ecc
2009-12-21 10:06 - 2015-03-06 05:52 - 0077033 _____ () C:\ProgramData\nvModes.dat
2014-12-10 17:02 - 2014-12-10 17:02 - 0022528 _____ () C:\Users\sthomas\AppData\Local\dsisetup2832998432.exe
2014-12-22 14:56 - 2014-12-22 14:56 - 0022528 _____ () C:\Users\sthomas\AppData\Local\dsisetup7664272182.exe
C:\ProgramData\df2020f20h.exe
C:\Users\mitek\AppData\Local\Temp\converter.exe
C:\PROGRA~1\ZWINKY~2
C:\ProgramData\PitiLxul
C:\Program Files\Ask.com
C:\ProgramData\SaavvERAddonn
C:\Program Files\deaiL2dealitt
c:\Program Files\LibrarySystem
C:\Program Files\McAfee\
C:\Windows\System32\drivers\mfeapfk.sys
C:\Windows\System32\drivers\mfeavfk.sys
C:\Windows\System32\drivers\mfebopk.sys
C:\Windows\System32\drivers\mfehidk.sys
C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
C:\Windows\System32\drivers\mfetdik.sys
C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\cmcfg32.dll
C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Reboot:
end


*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zwinky EPM Support => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Microsoft\Windows\CurrentVersion\Run\\PitiLxul => value deleted successfully.
"HKU\S-1-5-21-1796364693-351357432-1853364824-1728\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##mitk-us-cfl-n05#quality" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\PitiLxul => value deleted successfully.
C:\Users\sthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wusa.lnk => Moved successfully.
C:\Users\sthomas\AppData\Roaming\Microsoft\Windows\IEUpdate\wusa.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value deleted successfully.
"HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}" => Key deleted successfully.
HKCR\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1796364693-351357432-1853364824-1728\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}" => Key deleted successfully.
HKCR\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key not found.
"HKU\S-1-5-21-1796364693-351357432-1853364824-1728\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92DCF567-3566-44ED-B233-C6B05D4DB924}" => Key deleted successfully.
HKCR\CLSID\{92DCF567-3566-44ED-B233-C6B05D4DB924} => Key not found.
"HKU\S-1-5-21-1796364693-351357432-1853364824-1728\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}" => Key deleted successfully.
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d2f271f-ea4e-482f-972e-82066409b39a}" => Key deleted successfully.
"HKCR\CLSID\{2d2f271f-ea4e-482f-972e-82066409b39a}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key not found.
HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88cd8acf-4451-4933-b356-d4c6683655f3}" => Key deleted successfully.
"HKCR\CLSID\{88cd8acf-4451-4933-b356-d4c6683655f3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0b3c0f4-e7b1-4860-9d8e-3179bf77d593}" => Key deleted successfully.
"HKCR\CLSID\{f0b3c0f4-e7b1-4860-9d8e-3179bf77d593}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{55963676-2F5E-4BAF-AC28-CF26AA587566}" => Key deleted successfully.
"HKCR\CLSID\{55963676-2F5E-4BAF-AC28-CF26AA587566}" => Key deleted successfully.
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] => Moved successfully.
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] => Moved successfully.
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] => Moved successfully.
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] => Moved successfully.
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] => Moved successfully.
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] => Moved successfully.
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\Extensions\[email protected] => Moved successfully.
McAfeeFramework => Service deleted successfully.
McShield => Service not found.
McTaskManager => Service not found.
SystemUpdate => Service deleted successfully.
4a84c76f => Service deleted successfully.
mfeapfk => Service not found.
mfeavfk => Service not found.
mfebopk => Service not found.
mfehidk => Service not found.
mferkdk => Service deleted successfully.
mfetdik => Service not found.
"HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86874A19-A57F-4A3B-AFD7-A638B84835BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86874A19-A57F-4A3B-AFD7-A638B84835BB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C510C0FA-7514-4205-BC2A-E5A32EC26B6A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C510C0FA-7514-4205-BC2A-E5A32EC26B6A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEBFEFC2-BB5C-4D08-8C50-99A6C0FCA0CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEBFEFC2-BB5C-4D08-8C50-99A6C0FCA0CE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFA83BF6-D062-47B3-8F30-8E28737FDC1B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFA83BF6-D062-47B3-8F30-8E28737FDC1B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8E990C47-7D5E-41C7-97B7-D70E02734DB2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E990C47-7D5E-41C7-97B7-D70E02734DB2}" => Key deleted successfully.
C:\Program Files\SAuverPPro\bHX6Wv5ZITOJab.dll => Moved successfully.
C:\ProgramData\SaavvERAddonn\fGFwDbqskvAyAp.dll => Moved successfully.
C:\Program Files\deaiL2dealitt\kS93abKMBdZoxy.dll => Moved successfully.
C:\Program Files\SAuverPPro => Moved successfully.
C:\Program Files\Raven Internet Marketing Tools => Moved successfully.
C:\Program Files\deaiL2dealitt => Moved successfully.
C:\Program Files\ddeaAlsterr => Moved successfully.
C:\ProgramData\ShoppingDealFactory => Moved successfully.
C:\ProgramData\f0c1823d00000cd8 => Moved successfully.
C:\Program Files\LUCkyeCooUpoon => Moved successfully.
C:\Program Files\LuuCkyShoPPer => Moved successfully.
C:\Users\sthomas\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\sthomas\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\HELP_DECRYPT.HTML => Moved successfully.
C:\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\sthomas\HELP_DECRYPT.URL => Moved successfully.
C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\sthomas\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\HELP_DECRYPT.URL => Moved successfully.
C:\HELP_DECRYPT.URL => Moved successfully.
C:\Users\sthomas\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\sthomas\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\Users\mitek\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\mitek\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\mitek\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\mitek\HELP_DECRYPT.URL => Moved successfully.
C:\Users\mitek\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\Users\mitek\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.

"C:\Users\sthomas\AppData\Roaming\????" directory move:

Could not move "C:\Users\sthomas\AppData\Roaming\????" directory. => Scheduled to move on reboot.

C:\Windows\FrameworkUpdate => Moved successfully.
C:\ProgramData\CouponFactory => Moved successfully.
C:\ProgramData\BestDiscountApp => Moved successfully.
"C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\sthomas\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\sthomas\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\sthomas\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\sthomas\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
"C:\ProgramData\@system.temp" => File/Directory not found.
"C:\ProgramData\@system3.att" => File/Directory not found.
C:\ProgramData\df2020f20h.exe => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.
C:\ProgramData\nvModes.001 => Moved successfully.
C:\ProgramData\nvModes.001.ecc => Moved successfully.
C:\ProgramData\nvModes.dat => Moved successfully.
C:\Users\sthomas\AppData\Local\dsisetup2832998432.exe => Moved successfully.
C:\Users\sthomas\AppData\Local\dsisetup7664272182.exe => Moved successfully.
"C:\ProgramData\df2020f20h.exe" => File/Directory not found.
C:\Users\mitek\AppData\Local\Temp\converter.exe => Moved successfully.

"C:\PROGRA~1\ZWINKY~2" directory move:

Could not move "C:\PROGRA~1\ZWINKY~2" directory. => Scheduled to move on reboot.

C:\ProgramData\PitiLxul => Moved successfully.
C:\Program Files\Ask.com => Moved successfully.
C:\ProgramData\SaavvERAddonn => Moved successfully.
"C:\Program Files\deaiL2dealitt" => File/Directory not found.
"c:\Program Files\LibrarySystem" => File/Directory not found.
C:\Program Files\McAfee => Moved successfully.
"C:\Windows\System32\drivers\mfeapfk.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfeavfk.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfebopk.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfehidk.sys" => File/Directory not found.
"C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfetdik.sys" => File/Directory not found.
"C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\cmcfg32.dll" => File/Directory not found.
C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C} => Moved successfully.
"HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-07 07:36:50)<=

"C:\Users\sthomas\AppData\Roaming\????" => Directory could not move.
C:\PROGRA~1\ZWINKY~2 => Is moved successfully.

==== End of Fixlog 07:36:50 ====




#11
Mozeta


My computer seems to be running much better now.  I do notice in processes there are still about 15-20 instances of svchost.exe still running and when I try to end the process, a new one opens.  Like I said though, the computer is running much smoother. 

 

 



#12
dbreeze

FIRST STEP >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [Image: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


SECOND STEP >>>>

Start Malwarebytes' Anti-Malware.
  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


#13
Mozeta


# AdwCleaner v4.111 - Logfile created 07/03/2015 at 12:55:36
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows Vista ™ Business Service Pack 2 (x86)
# Username : SThomas - STHOMASD831VIST
# Running from : C:\Users\sthomas\Desktop\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\AppTaoU
Folder Deleted : C:\ProgramData\FlexiiBloEShopper
Folder Deleted : C:\ProgramData\PPrOSoheoppeR
Folder Deleted : C:\ProgramData\SoftCoouP
Folder Deleted : C:\ProgramData\12247349428091599228
Folder Deleted : C:\ProgramData\a9f7536a657bb97c
Folder Deleted : C:\Program Files\eaasyitoshoP
Folder Deleted : C:\Program Files\greatSAvinng
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\sthomas\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\sthomas\AppData\LocalLow\Guffins
Folder Deleted : C:\Users\sthomas\AppData\LocalLow\Zwinky_5q

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D00DBBA-73F1-4784-88D3-2EEC61B2E99B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{644413C0-4090-4A84-BC29-DC69E91A7D73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C2743F0-A2E2-41A0-9E65-798943109F42}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [6428 bytes] - [07/03/2015 12:48:53]
AdwCleaner[S0].txt - [6409 bytes] - [07/03/2015 12:55:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6468  bytes] ##########
 



#14
Mozeta


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/7/2015
Scan Time: 1:05:30 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.07.05
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: SThomas

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 959359
Time Elapsed: 2 hr, 38 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.Multiplug.A, C:\FRST\Quarantine\C\Program Files\deaiL2dealitt\kS93abKMBdZoxy.dll.xBAD, Quarantined, [03a6180a34561422be5bf03ffc06bd43],
PUP.Optional.Multiplug.A, C:\FRST\Quarantine\C\Program Files\SAuverPPro\bHX6Wv5ZITOJab.dll.xBAD, Quarantined, [85244ad85c2efd3967b2e946bc4625db],
PUP.Optional.AracadeCandy.A, C:\SThomas\Favorites\ArcadeCandyGames.exe, Quarantined, [f2b79a88a9e142f4b9b5203630d0b947],
PUP.Optional.AracadeCandy.A, C:\SThomas\Favorites\Setup-mykingdomfortheprincess-ca3.exe, Quarantined, [87228d95494173c3b2bc82d41de35ba5],
Trojan.Agent.ED, C:\Windows\Temp\B3.tmp, Quarantined, [b8f1f52ded9d39fd50e1200fa2605ba5],
Trojan.Agent.ED, C:\Windows\Temp\~000404EF.tmp, Quarantined, [1e8b40e21a7039fd23ab59d652b01fe1],

Physical Sectors: 0
(No malicious items detected)


(end)



#15
dbreeze


ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here. Also, please note that this scan can take a while to run.

  • Please go here to run the scan and click on Run ESET Online Scanner
  • The next screen will be the ESET Online Scanner installer
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
  • Save the file to your desktop; you should see a file like this when the download is finished
  • Double click on this to start the installation of the ESET Online Scanner
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:
  • Make sure that the option Enable detection of potentially unwanted applications is selected.
  • Now click on Advanced Settings and configure the options as follows:
    • Remove found threats is Not checked
    • Scan archives is checked
    • Scan for potentially unsafe applications is checked
    • Enable Anti-Stealth Technology is checked
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • Use Notepad to open the logfile you saved on your desktop.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

