Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Chrome.exe*32 issues [Solved]

Started by jmwnerw2 , Jun 09 2015 07:50 PM

This topic is locked

#1
jmwnerw2

Posted 09 June 2015 - 07:50 PM

Member

Member
12 posts

Hi,

I am a complete computer novice, but in trying to find out why my computer was running so slowly I discovered the chrome.exe*32 malware/virus is indeed running and making everything else lag. I have read through several of the solutions posted, but noted that each one is tailored to that specific computer. I'd love help in getting rid of this pesky thing. It has made the computer close to unusable. I thought I was going to have to do a complete system wipe, so have gotten it down to bare bones, but it is still being affected.

Thanks!

#2
Satchfan

Posted 10 June 2015 - 05:21 AM

Trusted Helper

Malware Removal
624 posts

Hello jmwnerw2 and welcome to GeeksToGo.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
press Scan button
it will produce a log called Frst.txt in the same directory the tool is run from
please copy and paste log back here.
the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Frst.txt
Addition.txt

Thanks

Satchfan

#3
jmwnerw2

Posted 10 June 2015 - 06:48 AM

Member

Topic Starter
Member
12 posts

Satchfan,

You have my undying gratitude for taking the time to help me with this. I had no problem following your instructions, which means they were super clear. I am posting the results below.

Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015

Ran by Beth (administrator) on BETH-LAPTOP on 10-06-2015 08:36:59

Running from C:\Users\Beth\Desktop

Loaded Profiles: Beth (Available Profiles: Beth)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe

() C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe

(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe

(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

(Synaptics Incorporated) C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-21] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)

HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-02-06] (Lenovo)

HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-02-06] (Lenovo)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-06] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-06] (Lenovo(beijing) Limited)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-15] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)

HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-06] (Lenovo)

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKLM-x32\...\Run: [Easy Dock] => [X]

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\...\Run: [Easy Dock] => [X]

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\...\MountPoints2: {308f75a9-f148-11e1-acd0-f0def1c749ec} - E:\VZW_Software_upgrade_assistant.exe

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\...\MountPoints2: {ee1ea08e-7785-11e2-82a2-00027239c062} - F:\VerizonSWUpgradeAssistantLauncher.exe

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-13]

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk [2012-06-15]

ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-02-06] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

SearchScopes: HKLM -> DefaultScope value is missing

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope value is missing

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)

BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Beth\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)

Toolbar: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 172.16.42.1

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\npMotive.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-06-09]

FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox

Chrome:

=======

CHR Profile: C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Angry Birds) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-04-01]

CHR Extension: (Google Calendar) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-04-01]

CHR Extension: (Bookmark Manager) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-08]

CHR Extension: (Norton Identity Safe) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-15]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]

CHR Extension: (Norton Security Toolbar) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-28]

CHR Extension: (Google Wallet) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Profile: C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]

CHR Extension: (Google Docs) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]

CHR Extension: (Google Drive) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]

CHR Extension: (YouTube) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]

CHR Extension: (Google Search) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]

CHR Extension: (Google Sheets) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]

CHR Extension: (Bookmark Manager) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-08]

CHR Extension: (Norton Identity Safe) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-08]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]

CHR Extension: (Norton Security Toolbar) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-08]

CHR Extension: (Google Wallet) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]

CHR Extension: (Gmail) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-22]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-12-15] (Advanced Micro Devices, Inc.) [File not signed]

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RaMediaServer; C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe [454656 2010-05-19] () [File not signed]

R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)

R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-06-08] (RaMMicHaeL)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-06-01] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-06-08] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-06-08] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150609.002\IDSvia64.sys [684248 2015-06-05] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.001\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.001\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]

U3 BcmSqlStartupSvc; No ImagePath

U2 CLKMSVC10_3A60B698; No ImagePath

U2 CLKMSVC10_C3B3B687; No ImagePath

U2 DriverService; No ImagePath

U2 IAStorDataMgrSvc; No ImagePath

U2 iATAgentService; No ImagePath

U2 idealife Update Service; No ImagePath

U3 IGRS; No ImagePath

U2 IviRegMgr; No ImagePath

S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

U2 nvUpdatusService; No ImagePath

U2 Oasis2Service; No ImagePath

U2 PCCarerService; No ImagePath

U2 ReadyComm.DirectRouter; No ImagePath

U2 RichVideo; No ImagePath

U2 RtLedService; No ImagePath

U2 SeaPort; No ImagePath

U2 SoftwareService; No ImagePath

U3 SQLWriter; No ImagePath

S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]

S3 vzandnetdiag2; system32\DRIVERS\lgvzandnetdiag264.sys [X]

S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]

S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 08:36 - 2015-06-10 08:37 - 00024405 _____ C:\Users\Beth\Desktop\FRST.txt

2015-06-10 08:36 - 2015-06-10 08:37 - 00000000 ____D C:\FRST

2015-06-10 08:35 - 2015-06-10 08:35 - 02108928 _____ (Farbar) C:\Users\Beth\Desktop\frst64.exe

2015-06-09 18:09 - 2015-06-09 18:09 - 00000000 ____D C:\Users\Beth\AppData\Roaming\java

2015-06-09 18:09 - 2015-06-09 18:09 - 00000000 ____D C:\Users\Beth\AppData\Roaming\.minecraft

2015-06-09 18:01 - 2015-06-09 18:08 - 00000000 ____D C:\Program Files (x86)\Minecraft

2015-06-09 18:01 - 2015-06-09 18:01 - 00000961 _____ C:\Users\Public\Desktop\Minecraft.lnk

2015-06-09 18:01 - 2015-06-09 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft

2015-06-09 17:52 - 2015-06-09 17:52 - 00000184 _____ C:\Users\Beth\Downloads\eula.txt

2015-06-09 17:52 - 2015-06-09 17:52 - 00000061 _____ C:\Users\Beth\Downloads\server.properties

2015-06-09 17:50 - 2015-06-09 17:50 - 02314240 _____ C:\Users\Beth\Downloads\MinecraftInstaller.msi

2015-06-09 17:47 - 2015-06-09 17:47 - 10174886 _____ C:\Users\Beth\Downloads\minecraft_server.1.8.7.exe

2015-06-09 17:39 - 2015-06-09 17:39 - 00000000 ____D C:\Users\Beth\AppData\Local\GWX

2015-06-09 17:37 - 2015-06-09 17:37 - 00000056 _____ C:\windows\setupact.log

2015-06-09 17:37 - 2015-06-09 17:37 - 00000000 _____ C:\windows\setuperr.log

2015-06-08 23:53 - 2015-06-08 23:53 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC

2015-06-08 23:53 - 2015-06-08 23:53 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

2015-06-08 23:53 - 2015-06-08 23:53 - 00000000 ____D C:\Program Files\CCleaner

2015-06-08 23:52 - 2015-06-08 23:52 - 06549184 _____ (Piriform Ltd) C:\Users\Beth\Downloads\ccsetup506.exe

2015-06-08 23:51 - 2015-06-08 23:51 - 00001023 _____ C:\Users\Public\Desktop\Unchecky.lnk

2015-06-08 23:51 - 2015-06-08 23:51 - 00000000 ____D C:\ProgramData\Unchecky

2015-06-08 23:51 - 2015-06-08 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky

2015-06-08 23:51 - 2015-06-08 23:51 - 00000000 ____D C:\Program Files (x86)\Unchecky

2015-06-08 23:49 - 2015-06-08 23:49 - 01142616 _____ (RaMMicHaeL) C:\Users\Beth\Downloads\unchecky_setup.exe

2015-06-08 23:49 - 2015-06-08 23:49 - 01142616 _____ (RaMMicHaeL) C:\Users\Beth\Downloads\unchecky_setup (1).exe

2015-06-08 22:48 - 2015-06-08 22:48 - 00000000 ____D C:\windows\pss

2015-06-08 21:53 - 2015-06-08 21:53 - 00003192 _____ C:\windows\System32\Tasks\IHUninstallTrackingTASK

2015-06-08 21:52 - 2015-06-08 21:52 - 00003192 _____ C:\windows\System32\Tasks\IHSelfDeleteTASK

2015-06-08 21:52 - 2015-06-08 21:52 - 00000000 ____D C:\ProgramData\Motive

2015-06-08 20:59 - 2015-06-08 20:59 - 00001086 _____ C:\Users\Public\Desktop\KeyFinder.lnk

2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\Users\Beth\AppData\Roaming\OpenCandy

2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\Users\Beth\AppData\Local\IsolatedStorage

2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder

2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean

2015-06-08 20:58 - 2015-06-08 20:58 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Beth\Downloads\KeyFinderInstaller.exe

2015-06-08 20:24 - 2015-06-08 20:24 - 02721168 _____ (Microsoft Corporation) C:\Users\Beth\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe

2015-06-08 18:31 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll

2015-06-08 18:31 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll

2015-06-08 18:31 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll

2015-06-08 18:31 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll

2015-06-08 18:31 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2015-06-08 18:31 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll

2015-06-08 18:31 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2015-06-08 18:31 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

2015-05-14 07:28 - 2015-05-14 07:28 - 00000000 ____D C:\Users\Beth\Documents\Bluetooth Exchange Folder

2015-05-14 03:05 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-05-14 03:05 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-05-14 00:01 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-05-14 00:01 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2015-05-14 00:01 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll

2015-05-14 00:01 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll

2015-05-14 00:01 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll

2015-05-14 00:01 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll

2015-05-14 00:00 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-05-14 00:00 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-05-14 00:00 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2015-05-14 00:00 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll

2015-05-14 00:00 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll

2015-05-14 00:00 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe

2015-05-14 00:00 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe

2015-05-14 00:00 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2015-05-14 00:00 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe

2015-05-14 00:00 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe

2015-05-14 00:00 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe

2015-05-14 00:00 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe

2015-05-14 00:00 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2015-05-14 00:00 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe

2015-05-14 00:00 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe

2015-05-14 00:00 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-05-14 00:00 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2015-05-14 00:00 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2015-05-14 00:00 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2015-05-14 00:00 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2015-05-14 00:00 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll

2015-05-14 00:00 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2015-05-14 00:00 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe

2015-05-14 00:00 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe

2015-05-14 00:00 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe

2015-05-14 00:00 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe

2015-05-14 00:00 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2015-05-14 00:00 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2015-05-14 00:00 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

2015-05-14 00:00 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2015-05-14 00:00 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2015-05-14 00:00 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe

2015-05-14 00:00 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe

2015-05-14 00:00 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2015-05-14 00:00 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2015-05-14 00:00 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll

2015-05-14 00:00 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2015-05-14 00:00 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2015-05-14 00:00 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-05-14 00:00 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-05-14 00:00 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-05-14 00:00 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2015-05-14 00:00 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-05-14 00:00 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-05-14 00:00 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-05-14 00:00 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-05-14 00:00 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-05-14 00:00 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec

2015-05-14 00:00 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-05-14 00:00 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-05-14 00:00 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-05-14 00:00 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-05-14 00:00 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-05-14 00:00 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-05-14 00:00 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2015-05-14 00:00 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-05-14 00:00 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-05-14 00:00 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-05-14 00:00 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-05-14 00:00 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-05-14 00:00 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2015-05-14 00:00 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2015-05-14 00:00 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-05-14 00:00 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-05-14 00:00 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2015-05-14 00:00 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2015-05-14 00:00 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2015-05-14 00:00 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec

2015-05-14 00:00 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-05-14 00:00 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-05-14 00:00 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2015-05-14 00:00 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-05-14 00:00 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2015-05-14 00:00 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2015-05-14 00:00 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2015-05-14 00:00 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2015-05-14 00:00 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2015-05-14 00:00 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2015-05-14 00:00 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2015-05-14 00:00 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-05-14 00:00 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-05-14 00:00 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2015-05-14 00:00 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-05-14 00:00 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-05-14 00:00 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-05-14 00:00 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-05-14 00:00 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2015-05-14 00:00 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2015-05-14 00:00 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2015-05-14 00:00 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2015-05-14 00:00 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-05-14 00:00 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2015-05-14 00:00 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2015-05-14 00:00 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2015-05-14 00:00 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2015-05-14 00:00 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-05-14 00:00 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-05-14 00:00 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2015-05-14 00:00 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2015-05-14 00:00 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2015-05-14 00:00 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe

2015-05-13 23:59 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

2015-05-13 23:59 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll

2015-05-13 23:59 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll

2015-05-13 23:59 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2015-05-13 23:59 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll

2015-05-13 23:59 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll

2015-05-13 23:59 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll

2015-05-13 23:59 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe

2015-05-13 23:59 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe

2015-05-13 23:49 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll

2015-05-13 23:49 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll

2015-05-13 23:49 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe

2015-05-13 23:49 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll

2015-05-13 23:49 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll

2015-05-13 23:49 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll

2015-05-13 23:49 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 08:29 - 2012-12-31 19:28 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2015-06-10 08:29 - 2012-02-06 15:00 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-10 08:29 - 2012-02-06 14:48 - 01201092 _____ C:\FaceProv.log

2015-06-10 08:29 - 2012-02-06 14:22 - 01814821 _____ C:\windows\WindowsUpdate.log

2015-06-09 18:44 - 2009-07-14 00:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-09 18:44 - 2009-07-14 00:45 - 00028928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-09 17:42 - 2009-07-14 01:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI

2015-06-09 17:39 - 2012-02-06 15:00 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-09 17:39 - 2012-02-06 14:50 - 00742542 _____ C:\windows\system32\fastboot.set

2015-06-09 17:38 - 2012-02-06 14:48 - 00000000 ____D C:\ProgramData\VeriFace

2015-06-09 17:37 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2015-06-09 00:03 - 2012-06-08 11:47 - 00000000 ____D C:\Users\Beth\AppData\Local\CrashDumps

2015-06-09 00:03 - 2011-02-22 07:19 - 00000000 ____D C:\windows\Panther

2015-06-08 23:42 - 2012-05-17 19:50 - 00000000 ____D C:\Users\Beth\AppData\Local\Google

2015-06-08 23:02 - 2012-05-17 19:49 - 00112104 _____ C:\Users\Beth\AppData\Local\GDIPFONTCACHEV1.DAT

2015-06-08 22:59 - 2009-07-14 00:45 - 00412424 _____ C:\windows\system32\FNTCACHE.DAT

2015-06-08 22:57 - 2012-08-24 11:07 - 00010582 _____ C:\ProgramData\hpzinstall.log

2015-06-08 22:53 - 2012-08-24 11:06 - 00000000 ____D C:\ProgramData\HP

2015-06-08 22:52 - 2012-08-24 11:09 - 00000000 ____D C:\Program Files (x86)\HP

2015-06-08 22:50 - 2012-08-24 11:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2015-06-08 22:44 - 2013-11-04 16:14 - 00000000 ____D C:\Program Files\Paint.NET

2015-06-08 21:52 - 2014-03-20 17:09 - 00000000 ____D C:\Program Files (x86)\ATT

2015-06-08 21:52 - 2013-07-12 17:11 - 00000000 ____D C:\Users\Beth\AppData\Local\Deployment

2015-06-08 21:51 - 2013-07-12 17:13 - 00000000 ____D C:\Users\Beth\AppData\Local\Amazon Cloud Drive

2015-06-08 21:50 - 2014-07-23 23:15 - 00000000 ____D C:\Program Files\Digital Copy

2015-06-08 21:49 - 2012-06-15 21:04 - 00000000 ____D C:\ProgramData\Apple

2015-06-08 21:41 - 2012-06-20 19:18 - 00000000 ____D C:\Users\Beth\AppData\Roaming\Dropbox

2015-06-08 19:00 - 2012-06-20 19:20 - 00000000 ___RD C:\Users\Beth\Dropbox

2015-06-08 18:51 - 2014-12-11 10:12 - 00000000 ____D C:\windows\system32\appraiser

2015-06-08 18:51 - 2014-05-04 12:33 - 00000000 ___SD C:\windows\system32\CompatTel

2015-06-08 18:45 - 2015-04-07 08:15 - 00000000 ___SD C:\windows\SysWOW64\GWX

2015-06-08 18:45 - 2015-04-07 08:15 - 00000000 ___SD C:\windows\system32\GWX

2015-05-16 12:56 - 2012-02-06 15:00 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-05-16 12:56 - 2012-02-06 15:00 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-05-14 04:48 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache

2015-05-14 03:57 - 2013-03-13 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-05-14 03:57 - 2013-03-13 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2015-05-14 03:54 - 2011-09-28 23:37 - 00000000 ____D C:\Program Files\Windows Journal

2015-05-14 03:54 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers

2015-05-14 03:34 - 2012-05-30 17:16 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-05-14 03:29 - 2014-06-04 18:15 - 00000000 ____D C:\windows\system32\MRT

2015-05-14 03:12 - 2014-06-04 18:15 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2015-05-14 03:05 - 2013-03-13 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-05-13 23:09 - 2014-09-09 22:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

==================== Files in the root of some directories =======

2012-06-28 10:19 - 2012-06-28 16:35 - 0006144 _____ () C:\Users\Beth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-08-24 11:07 - 2015-06-08 22:57 - 0010582 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:

====================

C:\Users\Beth\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx__4cw.dll

C:\Users\Beth\AppData\Local\Temp\IHU323A.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-14 00:59

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015

Ran by Beth at 2015-06-10 08:38:04

Running from C:\Users\Beth\Desktop

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4225998983-3709521534-2982131043-500 - Administrator - Disabled)

Beth (S-1-5-21-4225998983-3709521534-2982131043-1002 - Administrator - Enabled) => C:\Users\Beth

Guest (S-1-5-21-4225998983-3709521534-2982131043-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-4225998983-3709521534-2982131043-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)

AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)

AMD Catalyst Install Manager (HKLM\...\{2EA6DD00-92B2-DC34-9447-EFCDBE46236B}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)

Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)

Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden

Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)

Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden

Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)

Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo)

Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)

PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.36 - Ralink)

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6358 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

SRS Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0900 - SRS Labs, Inc.)

Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)

Unchecky v0.3.7.5 (HKLM-x32\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)

UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)

UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden

VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo)

WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)

Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinFF 1.4.2 (HKLM-x32\...\WinFF_is1) (Version: - WinFF.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Beth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

08-06-2015 18:44:09 Windows Update

08-06-2015 21:42:29 Removed Google Talk Plugin

08-06-2015 21:44:15 Removed HP Update.

08-06-2015 21:46:50 Removed Apple Mobile Device Support

08-06-2015 21:48:34 Removed Apple Application Support

08-06-2015 21:50:14 Removed Amazon Music Importer

08-06-2015 22:43:23 Removed Paint.NET v3.5.11

08-06-2015 23:04:17 Removed LG Verizon United Drivers.

08-06-2015 23:19:01 Removed Apple Software Update

08-06-2015 23:28:24 Removed Apple Software Update

09-06-2015 17:57:04 Installed Minecraft

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-06-09 17:37 - 00001993 ____A C:\windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

0.0.0.0 media.opencandy.com

0.0.0.0 cdn.opencandy.com

0.0.0.0 tracking.opencandy.com

0.0.0.0 api.opencandy.com

0.0.0.0 installer.betterinstaller.com

0.0.0.0 installer.filebulldog.com

0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

0.0.0.0 inno.bisrv.com

0.0.0.0 nsis.bisrv.com

0.0.0.0 cdn.file2desktop.com

0.0.0.0 cdn.goateastcach.us

0.0.0.0 cdn.guttastatdk.us

0.0.0.0 cdn.inskinmedia.com

0.0.0.0 cdn.insta.oibundles2.com

0.0.0.0 cdn.insta.playbryte.com

0.0.0.0 cdn.llogetfastcach.us

0.0.0.0 cdn.montiera.com

0.0.0.0 cdn.msdwnld.com

0.0.0.0 cdn.mypcbackup.com

0.0.0.0 cdn.ppdownload.com

0.0.0.0 cdn.riceateastcach.us

0.0.0.0 cdn.shyapotato.us

0.0.0.0 cdn.solimba.com

0.0.0.0 cdn.tuto4pc.com

0.0.0.0 cdn.appround.biz

0.0.0.0 cdn.bigspeedpro.com

0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09FCE31B-B7A7-4E02-9299-20871A51FB67} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {12E8BD40-23E7-4E1A-9393-00F51908FD7F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)

Task: {200AE3C0-F28F-4A22-88A3-787894415B4D} - System32\Tasks\IHUninstallTrackingTASK => CMD

Task: {3A56107B-26E5-4653-989A-50FC35505411} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {4629B2A9-3528-42D0-8F85-839DD6238490} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)

Task: {5DC388E0-5ABB-46CC-99B4-E3DFE84F8ECD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)

Task: {623834D9-5A27-40BA-9709-F5E46FC6DDAB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {75C8FD91-F67F-40B6-B73B-010ADCD397F2} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)

Task: {7FCA1010-422C-4A55-B112-275E5CF8B7CE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {932C62E4-48FC-4473-B876-2180777D3C16} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)

Task: {9562456F-AA20-49E8-A9E1-E74120C79CE0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

Task: {B0276214-5E8B-42DC-8AA9-0A1E128DBB19} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)

Task: {CD2245D6-7422-4822-ACD5-7A8E780772A7} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

Task: {D760E403-075E-4D23-BE7B-953BDE2D20D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)

Task: {E36164C1-A48D-4A49-8A4E-A50295EC449F} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-23] (Microsoft Corporation)

Task: {EC0B37DF-AF40-4882-A9A9-FA4BC0302DFA} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {F177D72C-9D96-4985-B5D7-3BD73C5829BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

Task: {F9F3DDFF-08EF-4388-845B-47A7B7F15F85} - System32\Tasks\IHSelfDeleteTASK => CMD

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-12-15 05:05 - 2011-12-15 05:05 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2012-02-06 14:32 - 2010-05-19 06:43 - 00454656 _____ () C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe

2011-02-16 13:56 - 2011-02-16 13:56 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll

2011-02-16 14:01 - 2011-02-16 14:01 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll

2012-02-06 14:48 - 2012-02-06 14:48 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll

2012-02-06 14:48 - 2012-02-06 14:48 - 00628064 _____ () C:\windows\system32\SimpleExt.dll

2011-07-04 01:58 - 2011-03-31 19:29 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll

2008-12-19 23:20 - 2012-02-06 15:06 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll

2008-12-19 23:20 - 2012-02-06 15:06 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll

2012-02-06 14:51 - 2012-02-06 14:51 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

2011-12-15 05:04 - 2011-12-15 05:04 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2011-11-09 05:55 - 2011-11-09 05:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2011-12-15 05:11 - 2011-12-15 05:11 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-02-16 13:51 - 2011-02-16 13:51 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll

2011-02-16 13:53 - 2011-02-16 13:53 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll

2012-06-15 13:06 - 2011-03-31 19:29 - 00066856 _____ () C:\windows\SysWOW64\SynTPEnhPS.dll

2012-02-06 14:48 - 2012-02-06 14:48 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

2015-06-08 18:32 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll

2015-06-08 18:32 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 172.16.42.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

MSCONFIG\startupreg: BYRUA_AGENT => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

MSCONFIG\startupreg: SmileboxTray => "C:\Users\Beth\AppData\Roaming\Smilebox\SmileboxTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4049F04D-C0F6-46E5-B0D5-A663D0995A3A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{552FD3DF-1D93-46E9-93F9-E5E7608C7AEB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{64045B83-A53F-46CD-989D-176D0CC48944}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{F99C2E4B-2A71-457E-BA07-E9E46A58E4DF}] => (Allow) LPort=2869

FirewallRules: [{4B4DB879-208D-4314-A242-DE52D38F51C4}] => (Allow) LPort=1900

FirewallRules: [{CC5B8D3B-AC27-4D34-B375-E9037A536B00}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{A4BE72AF-E433-41DB-8BAE-78CCCC9BBD5C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{A484F45A-D471-4870-B148-9CB10B6B27E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{EAB37D0A-1683-4A4B-AD7A-4833B0BAB04B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{837FD3B5-E19E-442B-AD0C-BA4A4558106F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe

FirewallRules: [{12B512FA-5D20-4058-910D-2F4D097D236D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe

FirewallRules: [{CC2D7107-988E-4923-9E17-3E68BAD6E37A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{CCC0C064-9428-404A-865D-107A219FE1DC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{C32356FD-8A79-4CF9-9902-9D36E5CA884D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe

FirewallRules: [{4A72C653-2512-4BF2-A40A-E345D46F65AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{E9450FBB-6AFE-41E7-8BF7-0C449FB785BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe

FirewallRules: [{B3B9B754-B355-495F-A21A-3635F3E47984}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe

FirewallRules: [{EE4C8A97-F2DF-4DDA-8A3F-4BC17E682E78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe

FirewallRules: [{F7D2B3E8-7E26-4612-B02B-76AA958F5149}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{901FBBE7-00E6-4801-AE16-5C0E04A7DEC8}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe

FirewallRules: [{ED33270B-F08D-4382-A994-85EA8A25E5AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe

FirewallRules: [{505AFC09-9A7E-4F8C-82B3-9642E8154D90}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe

FirewallRules: [{2D861EDF-0DB0-4D76-BABE-A17A70D84F7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe

FirewallRules: [{83F60E58-BC3D-4DFB-BDBD-6FF1CFB30BBD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe

FirewallRules: [{08C0FA45-B5B6-4D90-94C0-9AEB60A45AFA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe

FirewallRules: [{8C598D32-3BA1-4DD3-841E-20AE5DB8ED42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe

FirewallRules: [{29EE2281-8F3D-4538-97D8-3F3DAF86E889}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

FirewallRules: [{E3796465-F746-4B8F-AB6F-1F77A7B8C85B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe

FirewallRules: [{2A9EC455-6A29-42DE-A957-9D4FA8E8C835}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe

FirewallRules: [{955F0332-AABA-43D8-9684-65BD1431BBE6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe

FirewallRules: [{1193E114-8A53-4456-98EE-19F29B60DC89}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe

FirewallRules: [{51216167-F5FB-4449-B71D-5DC2B4C3065F}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe

FirewallRules: [TCP Query User{DA7AB81C-AB61-4DF1-BCB9-EB6027B3C777}C:\users\beth\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\beth\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{96255355-908A-4010-9918-92F8359E99A8}C:\users\beth\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\beth\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{F57C1EA1-C396-4597-8CB4-884DB12E5327}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/09/2015 05:57:09 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak). hr = 0x80070539, The security ID structure is invalid.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {1a044959-ff81-41ba-87c2-cbeb44319078}

Error: (06/09/2015 05:38:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 11:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 11:28:24 PM) (Source: VSS) (EventID: 8193) (User: )

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {d7f26658-84d3-48e3-8ceb-c3e4552b2116}

Error: (06/08/2015 11:19:01 PM) (Source: VSS) (EventID: 8193) (User: )

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {50d86aa9-fede-42b2-be15-4a73c3956e93}

Error: (06/08/2015 11:04:19 PM) (Source: VSS) (EventID: 8193) (User: )

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {4c0c42cc-58fd-41b9-95eb-5de9ddef86ec}

Error: (06/08/2015 11:00:59 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 10:43:23 PM) (Source: VSS) (EventID: 8193) (User: )

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {9e005eb4-f8e8-48f9-8cbe-c138bbf6091d}

Error: (06/08/2015 10:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 09:50:14 PM) (Source: VSS) (EventID: 8193) (User: )

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {912410bf-b184-4d21-8a77-4af9be2848db}

System errors:

=============

Error: (06/10/2015 05:01:21 AM) (Source: cdrom) (EventID: 15) (User: )

Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (06/10/2015 05:01:21 AM) (Source: cdrom) (EventID: 15) (User: )

Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (06/09/2015 09:12:47 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer BETHLAPTOP

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ECD416B-FB63-45FB-8BF1-DFCDF0871B78}.

The master browser is stopping or an election is being forced.

Error: (06/09/2015 07:41:17 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The Ralink UPnP Media Server service has reported an invalid current state 0.

Error: (06/09/2015 07:41:15 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The Ralink UPnP Media Server service has reported an invalid current state 0.

Error: (06/09/2015 05:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee SiteAdvisor Service service failed to start due to the following error:

%%2

Error: (06/09/2015 00:10:04 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The Ralink UPnP Media Server service has reported an invalid current state 0.

Error: (06/08/2015 11:42:33 PM) (Source: cdrom) (EventID: 15) (User: )

Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (06/08/2015 11:39:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee SiteAdvisor Service service failed to start due to the following error:

%%2

Error: (06/08/2015 11:38:02 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The Ralink UPnP Media Server service has reported an invalid current state 0.

Microsoft Office:

=========================

Error: (06/09/2015 05:57:09 PM) (Source: VSS) (EventID: 8193) (User: )

Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {1a044959-ff81-41ba-87c2-cbeb44319078}

Error: (06/09/2015 05:38:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 11:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 11:28:24 PM) (Source: VSS) (EventID: 8193) (User: )

Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {d7f26658-84d3-48e3-8ceb-c3e4552b2116}

Error: (06/08/2015 11:19:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {50d86aa9-fede-42b2-be15-4a73c3956e93}

Error: (06/08/2015 11:04:19 PM) (Source: VSS) (EventID: 8193) (User: )

Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {4c0c42cc-58fd-41b9-95eb-5de9ddef86ec}

Error: (06/08/2015 11:00:59 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 10:43:23 PM) (Source: VSS) (EventID: 8193) (User: )

Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {9e005eb4-f8e8-48f9-8cbe-c138bbf6091d}

Error: (06/08/2015 10:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 09:50:14 PM) (Source: VSS) (EventID: 8193) (User: )

Description: ConvertStringSidToSid(S-1-5-21-4225998983-3709521534-2982131043-1002.bak)0x80070539, The security ID structure is invalid.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {912410bf-b184-4d21-8a77-4af9be2848db}

CodeIntegrity Errors:

===================================

Date: 2013-03-04 20:06:01.030

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-04 20:06:00.950

Date: 2013-03-04 20:05:56.943

Date: 2013-03-04 20:05:56.862

==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics

Percentage of memory in use: 58%

Total physical RAM: 3558.11 MB

Available physical RAM: 1489.08 MB

Total Pagefile: 7114.43 MB

Available Pagefile: 4591.68 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:366.15 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 866EDC07)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of log ============================

#4
Satchfan

Posted 10 June 2015 - 08:44 AM

Trusted Helper

Malware Removal
624 posts

There’s nothing too sinister there but we’ll get rid of what FRST found and do some more checks..

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below.


HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Beth\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
Toolbar: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetdiag2; system32\DRIVERS\lgvzandnetdiag264.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]
S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]
2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\Users\Beth\AppData\Roaming\OpenCandy
Task: {F9F3DDFF-08EF-4388-845B-47A7B7F15F85} - System32\Tasks\IHSelfDeleteTASK => CMD
C:\Users\Beth\AppData\Roaming\OpenCandy
C:\Program Files\Updater By SweetPacks

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
run FRST64 then click Fix just once and wait
it will create a log (Fixlog.txt); please post it to your reply.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

run AdwCleaner
when it has finished, select Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.

Logs to include with next post:

Fixlog.txt
AdwCleaner log
JRT.txt

Thanks

Satchfan

#5
jmwnerw2

Posted 10 June 2015 - 12:34 PM

Member

Topic Starter
Member
12 posts

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015

Ran by Beth at 2015-06-10 14:12:18 Run:1

Running from C:\Users\Beth\Desktop\frst

Loaded Profiles: Beth (Available Profiles: Beth)

Boot Mode: Normal

==============================================

fixlist content:

*****************

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN

SearchScopes: HKLM -> DefaultScope value is missing

SearchScopes: HKLM-x32 -> DefaultScope value is missing

BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Beth\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File

BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

Toolbar: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-4225998983-3709521534-2982131043-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File

FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox

FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

U3 BcmSqlStartupSvc; No ImagePath

U2 CLKMSVC10_3A60B698; No ImagePath

U2 CLKMSVC10_C3B3B687; No ImagePath

U2 DriverService; No ImagePath

U2 IAStorDataMgrSvc; No ImagePath

U2 iATAgentService; No ImagePath

U2 idealife Update Service; No ImagePath

U3 IGRS; No ImagePath

U2 IviRegMgr; No ImagePath

S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

U2 nvUpdatusService; No ImagePath

U2 Oasis2Service; No ImagePath

U2 PCCarerService; No ImagePath

U2 ReadyComm.DirectRouter; No ImagePath

U2 RichVideo; No ImagePath

U2 RtLedService; No ImagePath

U2 SeaPort; No ImagePath

U2 SoftwareService; No ImagePath

U3 SQLWriter; No ImagePath

S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]

S3 vzandnetdiag2; system32\DRIVERS\lgvzandnetdiag264.sys [X]

S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]

S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]

2015-06-08 20:59 - 2015-06-08 20:59 - 00000000 ____D C:\Users\Beth\AppData\Roaming\OpenCandy

Task: {F9F3DDFF-08EF-4388-845B-47A7B7F15F85} - System32\Tasks\IHSelfDeleteTASK => CMD

C:\Users\Beth\AppData\Roaming\OpenCandy

C:\Program Files\Updater By SweetPacks

*****************

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully

HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.

HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully

HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.

"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin" => key removed successfully

HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => value removed successfully

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => value removed successfully

"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully

BcmSqlStartupSvc => Service removed successfully

CLKMSVC10_3A60B698 => Service removed successfully

CLKMSVC10_C3B3B687 => Service removed successfully

DriverService => Service removed successfully

IAStorDataMgrSvc => Service removed successfully

iATAgentService => Service removed successfully

idealife Update Service => Service removed successfully

IGRS => Service removed successfully

IviRegMgr => Service removed successfully

MREMP50 => Service removed successfully

MREMP50a64 => Service removed successfully

MREMPR5 => Service removed successfully

MRENDIS5 => Service removed successfully

MRESP50 => Service removed successfully

MRESP50a64 => Service removed successfully

nvUpdatusService => Service removed successfully

Oasis2Service => Service removed successfully

PCCarerService => Service removed successfully

ReadyComm.DirectRouter => Service removed successfully

RichVideo => Service removed successfully

RtLedService => Service removed successfully

SeaPort => Service removed successfully

SoftwareService => Service removed successfully

SQLWriter => Service removed successfully

vzandnetdiag => Service removed successfully

vzandnetdiag2 => Service removed successfully

vzandnetmodem => Service removed successfully

vzandnetndis => Service removed successfully

C:\Users\Beth\AppData\Roaming\OpenCandy => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9F3DDFF-08EF-4388-845B-47A7B7F15F85}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9F3DDFF-08EF-4388-845B-47A7B7F15F85}" => key removed successfully

C:\Windows\System32\Tasks\IHSelfDeleteTASK => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHSelfDeleteTASK" => key removed successfully

"C:\Users\Beth\AppData\Roaming\OpenCandy" => File/Folder not found.

"C:\Program Files\Updater By SweetPacks" => File/Folder not found.

==== End of Fixlog 14:12:20 ====

AdwCleaner log

# AdwCleaner v4.206 - Logfile created 10/06/2015 at 14:14:38

# Updated 01/06/2015 by Xplode

# Database : 2015-06-09.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Beth - BETH-LAPTOP

# Running from : C:\Users\Beth\Downloads\adwcleaner_4.206.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\HiDefMedia

Folder Found : C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Folder Found : C:\Users\Beth\AppData\Local\Supreme Savings

***** [ Scheduled tasks ] *****

Task Found : IHUninstallTrackingTASK

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

Key Found : HKCU\Software\SweetIM

Key Found : HKCU\Software\visualbee

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : [x64] HKCU\Software\SweetIM

Key Found : [x64] HKCU\Software\visualbee

Key Found : [x64] HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}

Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Key Found : HKLM\SOFTWARE\Supreme Savings

Key Found : HKLM\SOFTWARE\SweetIM

Key Found : HKLM\SOFTWARE\Updater By Sweetpacks

Key Found : HKLM\SOFTWARE\VBMZ

Key Found : HKLM\SOFTWARE\visualbee

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Google Chrome v43.0.2357.124

[C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19&gct=sb&qsrc=2869

[C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN10859068601094278&ctid=CT3287804&UM=2

[C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4528 bytes] - [10/06/2015 14:14:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4587 bytes] ##########

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.9.1 (06.08.2015:1)

OS: Windows 7 Home Premium x64

Ran by Beth on Wed 06/10/2015 at 14:25:47.88

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}

~~~ Files

Successfully deleted: [File] C:\windows\s.bat

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Beth\appdata\local\{35ABE68E-80D1-4584-8722-54C592FAF498}

Successfully deleted: [Empty Folder] C:\Users\Beth\appdata\local\{64B0A673-4E25-497F-94F3-F5A5155BA87B}

Successfully deleted: [Empty Folder] C:\Users\Beth\appdata\local\{843C7727-5B7F-4E98-8C40-65F4DA54B16C}

Successfully deleted: [Folder] C:\Users\Beth\appdata\local\cre

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Beth\appdata\local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

[C:\Users\Beth\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Beth\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

mkfokfffehpeedafpekjeddnmnjhmcmk

[C:\Users\Beth\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Beth\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[

bopakagnckmlgajfccecajhnimjiiedh,

mkfokfffehpeedafpekjeddnmnjhmcmk

]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 06/10/2015 at 14:31:23.94

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks!

#6
Satchfan

Posted 10 June 2015 - 03:23 PM

Trusted Helper

Malware Removal
624 posts

That also dealt with a few minor problems.

Download Malwarebytes-Anti-Malware

Click here.

double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
select the “Scan” tab at the top
there are three scan types; choose Threat Scan, then click on Scan
when the scan is complete, if no malicious items are found you can close the program
if malicious items are found be sure that everything is checked and click Quarantine
when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Can you tell me if there have been any improvement and if there are any outstanding problems.

Satchfan

#7
jmwnerw2

Posted 10 June 2015 - 03:49 PM

Member

Topic Starter
Member
12 posts

I'm running the program now. It does seem to be running faster. Thanks for all your help. Can you tell me what I should do maintenance wise to keep this from happening again? Should I leave these programs on the computer and run them on a regular basis? Do you recommend these for every computer? I have a newer laptop and would like to prevent problems like this from happening. Apparently, Norton isn't as thorough as I thought.

I'll post the log when the program finishes. Thanks again!

#8
jmwnerw2

Posted 10 June 2015 - 04:16 PM

Member

Topic Starter
Member
12 posts

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 6/10/2015

Scan Time: 5:40:30 PM

Logfile: MBAM.txt

Administrator: Yes

Version: 2.01.6.1022

Malware Database: v2015.06.10.06

Rootkit Database: v2015.06.02.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Beth

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 394094

Time Elapsed: 26 min, 3 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 2

PUP.Optional.DefaultTab.A, HKU\S-1-5-21-4225998983-3709521534-2982131043-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [1af48a2f008a3ff7651fff710df69e62],

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}, Quarantined, [43cb4b6e216988ae000a3550e91c827e],

Registry Values: 1

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}|AppName, Supreme Savings-bg.exe, Quarantined, [43cb4b6e216988ae000a3550e91c827e]

Registry Data: 0

(No malicious items detected)

Folders: 1

PUP.Optional.CrossRider.A, C:\Users\Beth\AppData\Local\Updater19962, Quarantined, [eb230bae1476e650af2604b632d129d7],

Files: 2

PUP.Optional.BundleInstaller.A, C:\Users\Beth\Downloads\Setup (1).exe, Quarantined, [89854079aedc74c277071451bb465ea2],

PUP.Optional.AirInstaller, C:\Users\Beth\Downloads\Setup.exe, Quarantined, [23ebc2f70b7f6fc77dfb43005ea39d63],

Physical Sectors: 0

(No malicious items detected)

(end)

#9
jmwnerw2

Posted 10 June 2015 - 04:26 PM

Member

Topic Starter
Member
12 posts

I just opened the task manager and checked the processes to see if there was a difference. There are still six titled chrome.exe *32 and three taking up the top three memory spots. Is this normal? I do use chrome, but I thought these were the result of a virus and would go away once all these cleaners went to work. (Forgive my ignorance! I hardly know how to ask the question, much less what to expect.)

One other issue that keeps happening, and started after I started uninstalling programs to get it back to basics, is a pop up on start up that says, "Program can't start because dnssd.dll is missing from your computer. Try reinstalling the program to fix this problem." Well, I'd be happy to reinstall if it told me what program this is referring to. Any ideas? I've just been closing the box and everything proceeds like normal. Other than the slowness that's been around for months I've had no issues.

#10
Satchfan

Posted 10 June 2015 - 04:30 PM

Trusted Helper

Malware Removal
624 posts

That's all looking good and I'll give recommendations when we tidy up.

Before that I'd like one more scan to be sure there is nothing left.

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

click the Eset online Scanner button
for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

o click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
o double click on the Eset installer icon on your desktop.
check Yes, I accept the Terms of Use
click the Start button
accept any security warnings from your browser
check Enable detection of potentially unwanted applications
click Advanced settings and select the following:

o   scan archives
o   scan for potentially unsafe applications
o   enable Anti-Stealth technology

Note: Do not check Remove found threats
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
when the scan completes, push List of found threats
push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Note - if ESET doesn't find any threats, no report will be created.
push the back button.
push Finish

When the scan is complete:

If no threats were found:

o   put a checkmark in "Uninstall application on close"
o   close program
o   report to me that nothing was found.

If threats were found:

o   click on "list of threats found"
o   click on "export to text file" and save it as ESET results and save to the desktop
o   Click on back
o   put a checkmark in "Uninstall application on close"
o   click on finish
o   close program
o   copy and paste the report here.

Thanks

Satchfan

#11
Satchfan

Posted 10 June 2015 - 04:46 PM

Trusted Helper

Malware Removal
624 posts

there are still six titled chrome.exe *32 and three taking up the top three memory spots. Is this normal?

Yes, that's quite normal.

Program can't start because dnssd.dll is missing from your computer. Try reinstalling the program to fix this problem." Well, I'd be happy to reinstall if it told me what program this is referring to

It's not crucial and I believe it's probably related to an "Apple" program.

Our paths crossed so please follow the instructions in my previous post.

#12
jmwnerw2

Posted 10 June 2015 - 06:27 PM

Member

Topic Starter
Member
12 posts

C:\FRST\Quarantine\C\Users\Beth\AppData\Roaming\OpenCandy\71833C0A09414951AE3B8E8916778DE2\WeatherBugSetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Users\Beth\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\Beth\Downloads\KeyFinderInstaller.exe a variant of Win32/OpenCandy.C potentially unsafe application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application

It found 4 threats. See above. I failed to follow directions in clicking the back button, checking Uninstall, and clicking finish. I just X-ed out. Will that be a problem?

#13
Satchfan

Posted 11 June 2015 - 12:36 AM

Trusted Helper

Malware Removal
624 posts

I failed to follow directions in clicking the back button, checking Uninstall, and clicking finish. I just X-ed out. Will that be a problem?

No; Eset can be uninstalled via Control Panel, Programs and Features.

One of those that Eset found was already quarantined and will be dealt with when we tidy up but we’ll get rid of the others.

Please copy all text in the code box below and paste it into Notepad:


@echo off
del /f /s /q "C:\Users\Beth\Downloads\ccsetup506.exe”
del /f /s /q “C:\Users\Beth\Downloads\KeyFinderInstaller.exe”
del /f /s /q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch”
del %0

save the Notepad file to your desktop and name it delfiles.bat
save type as "All Files"
on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.

================================================

We can stop some programs from running at startup which should speed things up a bit.

Run HijackThis

Please download and install the latest version of HijackThis v2.0.4:

Click here to download the HijackThis Installer.

save HijackThis to your desktop
double-click on HijackThis.msie to run the program – Noteon Vista or Windows 7, right click on the file and select Run as Administrator
by default it will install to C:\Program Files\Trend Micro\HijackThis. Or C:\Programs files (x86)\... on a 64 bit operating system
accept the license agreement by clicking the "I Accept" button.
click on the Do a system scan and save a log file button: it will scan and then ask you to save the log
click Save log to save the log file and then the log will open in Notepad.
click on Edit -> Select All then click on Edit -> Copy to copy the entire contents of the log
come back here to this thread and paste the log in your next reply
if your system denies write access to Host files, run HijackThis as an Administrator
do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Can you tell me if there are any outstanding problems.

Satchfan

#14
jmwnerw2

Posted 11 June 2015 - 05:53 AM

Member

Topic Starter
Member
12 posts

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 7:51:23 AM, on 6/11/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17801)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Unchecky\bin\Unchecky_bg.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\conathst.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe

C:\Users\Beth\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll

O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-21-4225998983-3709521534-2982131043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Easy Dock] (User '?')

O4 - HKUS\S-1-5-21-4225998983-3709521534-2982131043-1002.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-21-4225998983-3709521534-2982131043-1002.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Scrybe.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 13489 bytes

I am not noticing any problems. It seems to be running much more smoothly. Thank you!

#15
Satchfan

Posted 11 June 2015 - 07:45 AM

Trusted Helper

Malware Removal
624 posts

Good that things are running better.

Too many startup programs are using up valuable resources. Stopping them will not affect the programs and they can be started normally when you need them.

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-4225998983-3709521534-2982131043-1002.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

Close all windows except for HijackThis and click Fix checked.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

save it to your Desktop.
double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Satchfan