
need help with ctb-locker [Closed]


  • This topic is locked

#1
mobrida99


One of my female friends called me with a problem with her laptop, so I got it, and as soon as I got to the desktop, the CTB-Locker virus crap popped up. She's worried because she has all of her 2-year-old son's great moments in pics and she can't get to them. I had never run into this and did some research. I saw a couple of posts on here. I tried to run SystemLook.exe and it says "script required!", so I ran HijackThis to get a system log and this is what I got. I tried running IDTool, and when I press scan nothing comes up.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-10-2015
Ran by Choyce (administrator) on CHOYCE-PC (10-10-2015 17:12:52)
Running from E:\all folder\programs\virus
Loaded Profiles: Choyce (Available Profiles: Choyce)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dleacoms.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SpeedBit Ltd.) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\DataSafe.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [770728 2010-01-18] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [dellsupportcenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296056 2012-05-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\...\Run: [kbetwe] => "C:\Windows\System32\rundll32.exe" "C:\Users\Choyce\AppData\Roaming\kbetwe.dll",IncUseCount <===== ATTENTION
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-06] (Glarysoft Ltd)
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\...\MountPoints2: {663bc8ab-321b-11df-a941-806e6f6e6963} - D:\SteupWizard.exe
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\...\MountPoints2: {ef2ecc30-5d7f-11e2-a0cd-f6cd74a030cf} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe -update activex
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2015-10-10] (Microsoft Corporation)
HKU\S-1-5-18\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-18\$887202d43af8888f30e5b3fb3c2a1f41\n.ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-04-24]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-07-19]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{AF3D269F-803A-4C56-BEB3-9217001B1225}: [DhcpNameServer] 75.114.81.1 75.114.81.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://dell.msn.com/
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/
hxxps://www.google.com/
URLSearchHook: HKU\S-1-5-21-3932760742-3187374168-549460042-1000 - (No Name) - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM -> {FC97DCA5-60DC-4F14-B150-2AD5C0550C44} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {5A94212B-AFB5-4E34-B675-175D95B67E2C} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {CF4B8278-551B-4619-B841-F76E3F0A2353} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3932760742-3187374168-549460042-1000 -> {CF4B8278-551B-4619-B841-F76E3F0A2353} URL = 
SearchScopes: HKU\S-1-5-21-3932760742-3187374168-549460042-1000 -> {E9BE365F-3B50-4BC5-9298-2A0E6376539F} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130520,0,0,18,7635
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-09] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-17] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-28] (RealPlayer)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-09] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-3932760742-3187374168-549460042-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-3932760742-3187374168-549460042-1000 -> No Name - {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} -  No File
Toolbar: HKU\S-1-5-21-3932760742-3187374168-549460042-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2010-11-12] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-05-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-05-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-05-28] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-28]
FF HKU\S-1-5-21-3932760742-3187374168-549460042-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldstr_15_14&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAtAtC0B0B0FtD0F0CtDtN0D0Tzu0StCtCzzzztN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCtCtBtB0EyEtB0EtG0Dzyzy0CtGtB0DtA0DtGzzyDzztAtGyB0B0BtByBtAtD0C0D0CyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0B0Bzz0ByC0A0AtGyDyEzzyBtGyEyD0DzztGzyyE0DyEtGyD0A0B0AtAyBzy0EtDzzyByE2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCyDtA%26cr%3D1698762184%26a%3Dwny_dnldstr_15_14%26os%3DWindows 7 Home Premium
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldstr_15_14&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAtAtC0B0B0FtD0F0CtDtN0D0Tzu0StCtCzzzztN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCtCtBtB0EyEtB0EtG0Dzyzy0CtGtB0DtA0DtGzzyDzztAtGyB0B0BtByBtAtD0C0D0CyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0B0Bzz0ByC0A0AtGyDyEzzyBtGyEyD0DzztGzyyE0DyEtGyD0A0B0AtAyBzy0EtDzzyByE2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCyDtA%26cr%3D1698762184%26a%3Dwny_dnldstr_15_14%26os%3DWindows 7 Home Premium" 
CHR DefaultSearchURL: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldstr_15_14&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAtAtC0B0B0FtD0F0CtDtN0D0Tzu0StCtCzzzztN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCtCtBtB0EyEtB0EtG0Dzyzy0CtGtB0DtA0DtGzzyDzztAtGyB0B0BtByBtAtD0C0D0CyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0B0Bzz0ByC0A0AtGyDyEzzyBtGyEyD0DzztGzyyE0DyEtGyD0A0B0AtAyBzy0EtDzzyByE2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCyDtA%26cr%3D1698762184%26a%3Dwny_dnldstr_15_14%26os%3DWindows 7 Home Premium&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\gcswf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\Choyce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Choyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-04-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Choyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Choyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR HKU\S-1-5-21-3932760742-3187374168-549460042-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Choyce\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-20]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [33448 2010-01-07] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-01-07] ( )
R2 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [598696 2010-01-07] ( )
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-10] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [265928 2012-04-20] (SpeedBit Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 991699EB; C:\Windows\System32\drivers\991699EB.sys [457824 2015-10-08] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 efavdrv; C:\windows\SysWOW64\drivers\efavdrv.sys [115008 2015-10-08] (ESET)
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-09-30] (Glarysoft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [446976 2009-11-18] (NETGEAR Inc.                           ) [File not signed]
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated)
S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 17:12 - 2015-10-10 17:13 - 00000000 ____D C:\FRST
2015-10-10 16:09 - 2015-10-10 16:09 - 00005264 _____ C:\windows\system32\.crusader
2015-10-10 15:38 - 2015-10-10 15:38 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-10-10 15:38 - 2015-10-10 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-10 15:38 - 2015-10-10 15:38 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-10 15:19 - 2015-10-10 16:09 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-10 15:13 - 2015-10-10 15:13 - 00000000 ____D C:\Users\Choyce\AppData\Local\LockerUnlocker
2015-10-10 14:49 - 2015-10-10 14:49 - 00000000 _____ C:\Users\Choyce\Desktop\Continue HijackThis Installation.lnk
2015-10-10 14:46 - 2015-10-10 14:46 - 01402880 _____ C:\Users\Choyce\Downloads\HijackThisSetup [1].exe
2015-10-10 14:33 - 2015-10-10 14:33 - 00000000 ____D C:\dfa0dd79eeee28c2109e7f0fee765e36
2015-10-10 03:02 - 2015-10-10 03:02 - 00000000 ____D C:\windows\system32\SPReview
2015-10-10 03:01 - 2015-10-10 03:01 - 00000000 ____D C:\windows\system32\EventProviders
2015-10-09 21:52 - 2015-07-29 16:19 - 00017344 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-09 21:52 - 2015-07-29 16:16 - 01116672 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-09 21:52 - 2015-07-29 16:16 - 00774656 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-09 21:52 - 2015-07-29 16:16 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-09 21:52 - 2015-07-29 16:16 - 00437760 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-09 21:52 - 2015-07-29 16:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-10-09 21:52 - 2015-07-29 16:16 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-09 21:52 - 2015-07-29 16:11 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-09 21:52 - 2015-05-21 09:12 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-10-09 21:51 - 2015-10-09 21:51 - 00000000 ____D C:\windows\pss
2015-10-09 21:38 - 2015-10-09 21:38 - 00000000 ____D C:\Users\Choyce\AppData\Roaming\ACD Systems
2015-10-09 21:38 - 2015-10-09 21:38 - 00000000 ____D C:\Users\Choyce\AppData\Local\ACD Systems
2015-10-09 21:36 - 2015-10-09 21:39 - 00000000 ____D C:\StudioLine3 Data
2015-10-09 21:34 - 2015-10-09 21:34 - 00001197 _____ C:\Users\Public\Desktop\ACDSee Free.lnk
2015-10-09 21:34 - 2015-10-09 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDSee Free
2015-10-09 21:34 - 2015-10-09 21:34 - 00000000 ____D C:\Program Files (x86)\ACD Systems
2015-10-09 21:33 - 2015-10-09 21:33 - 00001972 _____ C:\Users\Public\Desktop\StudioLine Photo Basic.lnk
2015-10-09 21:33 - 2015-10-09 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioLine Photo Basic
2015-10-09 21:33 - 2015-10-09 21:33 - 00000000 ____D C:\ProgramData\H&M System Software
2015-10-09 21:33 - 2015-10-09 21:33 - 00000000 ____D C:\Program Files (x86)\StudioLine Photo Basic
2015-10-09 21:32 - 2015-10-09 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\New Dreams Software
2015-10-09 21:32 - 2015-10-09 21:32 - 00000000 ____D C:\Program Files (x86)\New Dreams Software
2015-10-09 21:28 - 2015-10-10 17:09 - 00026042 _____ C:\windows\RPSETUP.EXE.LOG
2015-10-09 18:14 - 2015-10-09 18:14 - 00000000 _____ C:\autoexec.bat
2015-10-09 18:13 - 2015-10-09 18:13 - 00003344 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2015-10-09 18:13 - 2015-10-09 18:13 - 00002288 _____ C:\Users\Choyce\Desktop\SpyHunter.lnk
2015-10-09 18:13 - 2015-10-09 18:13 - 00000000 ____D C:\Users\Choyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-10-09 18:13 - 2015-10-09 18:13 - 00000000 ____D C:\sh4ldr
2015-10-09 18:13 - 2015-10-09 18:13 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2015-10-09 18:12 - 2015-10-09 18:13 - 00000000 ____D C:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-10-09 17:22 - 2015-10-09 17:22 - 00052320 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\83906894.sys
2015-10-09 00:31 - 2015-10-10 16:47 - 00666876 _____ C:\windows\PFRO.log
2015-10-09 00:27 - 2015-10-09 00:27 - 00001052 _____ C:\Users\Choyce\Desktop\virus list.txt
2015-10-08 23:24 - 2015-10-08 23:24 - 00457824 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\991699EB.sys
2015-10-08 22:58 - 2015-10-10 15:09 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-08 22:57 - 2015-10-09 00:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-08 22:57 - 2015-10-08 22:57 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-08 22:57 - 2015-10-08 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-08 22:57 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-08 22:57 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-08 22:54 - 2015-10-08 22:54 - 00115008 _____ (ESET) C:\windows\SysWOW64\Drivers\efavdrv.sys
2015-10-08 18:32 - 2015-10-08 18:32 - 00034144 __RSH C:\$UGM
2015-10-08 18:32 - 2015-10-08 18:32 - 00000073 _____ C:\windows\{9f84270d-275b-478f-9247-c76d4c56de27}
2015-10-05 22:43 - 2015-10-05 22:54 - 00000000 ____D C:\KVRT_Data
2015-10-05 22:37 - 2015-10-05 22:37 - 00000000 ____D C:\ProgramData\ESET
2015-10-03 12:32 - 2015-10-03 12:32 - 00001266 _____ C:\Users\Choyce\Documents\!Decrypt-All-Files-erfjkth.txt
2015-10-03 09:55 - 2015-10-03 09:56 - 00000000 ____D C:\Users\Choyce\AppData\Local\{865D6836-2F0B-46D9-B65E-ECEC42C4DA99}
2015-10-03 09:37 - 2015-10-10 16:48 - 00001120 _____ C:\windows\setupact.log
2015-10-03 09:37 - 2015-10-03 09:37 - 00000000 _____ C:\windows\setuperr.log
2015-10-01 00:31 - 2015-10-01 00:31 - 00000000 __SHD C:\found.000
2015-10-01 00:05 - 2015-10-01 00:05 - 00000000 ____D C:\ProgramData\GlarySoft
2015-09-30 23:53 - 2015-09-30 23:53 - 00020160 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys
2015-09-30 23:53 - 2015-09-30 23:53 - 00003316 _____ C:\windows\System32\Tasks\GlaryInitialize 5
2015-09-30 23:53 - 2015-09-30 23:53 - 00002976 _____ C:\windows\System32\Tasks\GU5SkipUAC
2015-09-30 23:53 - 2015-09-30 23:53 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-09-30 23:53 - 2015-09-30 23:53 - 00001082 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-09-30 23:53 - 2015-09-30 23:53 - 00000000 ____D C:\Users\Choyce\AppData\Roaming\DiskDefrag
2015-09-30 23:53 - 2015-09-30 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-09-30 23:49 - 2015-10-08 22:50 - 00000000 ____D C:\Users\Choyce\AppData\Roaming\GlarySoft
2015-09-30 23:49 - 2015-10-08 22:50 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2015-09-30 23:28 - 2015-10-10 16:56 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-30 23:17 - 2015-10-06 19:08 - 00000000 ____D C:\Users\Choyce\AppData\Roaming\CleanMyPC Software
2015-09-30 23:16 - 2015-10-08 22:50 - 00000000 ____D C:\ProgramData\TEMP
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 17:16 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing
2015-10-10 17:15 - 2010-03-17 17:35 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-10-10 17:05 - 2011-08-25 11:05 - 01582341 _____ C:\windows\WindowsUpdate.log
2015-10-10 17:02 - 2009-07-14 00:45 - 00014240 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-10 17:02 - 2009-07-14 00:45 - 00014240 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-10 16:52 - 2010-06-11 12:42 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-10-10 16:52 - 2010-06-11 12:42 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-10-10 16:50 - 2010-09-12 14:43 - 00247489 _____ C:\ProgramData\dleascan.log
2015-10-10 16:50 - 2010-07-10 01:18 - 00065536 _____ C:\windows\system32\Ikeext.etl
2015-10-10 16:49 - 2010-06-13 18:23 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-10 16:48 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-10 16:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\IME
2015-10-10 16:35 - 2010-06-13 18:23 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 16:09 - 2015-01-09 19:58 - 00000000 ____D C:\ProgramData\dtdata
2015-10-10 15:48 - 2013-02-18 13:03 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-10 14:47 - 2011-03-25 16:38 - 00778500 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-10-10 14:46 - 2009-07-14 01:13 - 00778500 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-10 08:30 - 2015-01-20 19:03 - 00000000 ____D C:\windows\system32\appraiser
2015-10-10 08:30 - 2014-08-07 09:20 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-10 08:27 - 2009-07-14 00:45 - 00419040 _____ C:\windows\system32\FNTCACHE.DAT
2015-10-10 05:58 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-10 05:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-10-10 05:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-10 05:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-10 05:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-10 05:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-10-10 05:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-10-10 05:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-10 05:58 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\sppui
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Setup
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\oobe
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\migwiz
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\manifeststore
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\AdvancedInstallers
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\sppui
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Setup
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\oobe
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\manifeststore
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\servicing
2015-10-10 05:58 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-10 05:57 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\migwiz
2015-10-10 05:57 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism
2015-10-10 05:52 - 2009-07-13 22:36 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\msclmd.dll
2015-10-10 05:52 - 2009-07-13 22:36 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msclmd.dll
2015-10-10 03:49 - 2011-01-15 13:15 - 00003515 _____ C:\ProgramData\dlea.log
2015-10-10 01:00 - 2010-07-26 15:29 - 00000000 ____D C:\Users\Choyce\AppData\Local\CrashDumps
2015-10-09 17:33 - 2012-10-21 09:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-09 17:33 - 2012-10-21 09:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-09 17:31 - 2012-12-05 10:02 - 00006273 _____ C:\Users\Choyce\AppData\Local\99b0f273-a28d-4dc0-b0eb-75d2571609de.crx
2015-10-09 15:10 - 2012-10-21 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-09 15:06 - 2009-07-13 22:34 - 00000513 _____ C:\windows\win.ini
2015-10-09 00:30 - 2010-10-21 16:40 - 00000000 ____D C:\windows\Sun
2015-10-09 00:27 - 2015-04-04 21:18 - 00000000 ____D C:\ProgramData\a557476f00006e0e
2015-10-08 22:57 - 2012-03-12 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-08 22:44 - 2010-06-11 12:39 - 00000000 ____D C:\Users\Choyce
2015-10-06 19:07 - 2010-06-13 17:21 - 00000000 ____D C:\ProgramData\Real
2015-10-06 19:07 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2015-10-06 03:41 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-03 12:32 - 2015-06-21 21:32 - 00647980 _____ C:\ProgramData\pvgqmjg.html
2015-10-03 11:48 - 2010-07-10 00:10 - 00000000 ____D C:\Netgear
2015-10-03 10:11 - 2013-02-18 13:03 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-03 10:10 - 2012-08-24 15:25 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-03 10:10 - 2011-08-17 20:28 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-03 10:04 - 2013-05-13 07:46 - 00000000 ____D C:\Users\Choyce\Documents\PSY3204
2015-10-03 10:04 - 2013-05-06 14:30 - 00000000 ____D C:\Users\Choyce\Documents\Unemployment
2015-10-03 10:04 - 2012-09-09 11:08 - 00000000 ____D C:\Users\Choyce\Documents\Usf-Vet
2015-10-03 10:04 - 2011-05-23 20:33 - 00000000 ____D C:\Users\Choyce\Documents\Choyce
2015-10-03 10:04 - 2010-10-12 19:04 - 00000000 ____D C:\Users\Choyce\Documents\Outlook Files
2015-10-01 00:20 - 2013-05-13 07:47 - 00000000 ____D C:\Users\Choyce\Documents\EVR4027
2015-10-01 00:20 - 2012-09-09 11:08 - 00000000 ____D C:\Users\Choyce\Documents\Joyce Resume
2015-10-01 00:14 - 2010-08-30 14:54 - 00000000 ____D C:\windows\Minidump
2015-10-01 00:13 - 2011-11-19 19:46 - 00000000 ____D C:\Users\Choyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
2015-09-30 23:59 - 2010-06-20 21:06 - 00000000 ____D C:\Users\Choyce\Documents\Symantec
 
==================== Files in the root of some directories =======
 
2010-06-12 12:31 - 2010-12-08 07:16 - 0011808 _____ () C:\Users\Choyce\AppData\Roaming\wklnhst.dat
2012-12-05 10:02 - 2015-10-09 17:31 - 0006273 _____ () C:\Users\Choyce\AppData\Local\99b0f273-a28d-4dc0-b0eb-75d2571609de.crx
2010-11-23 10:52 - 2011-01-02 15:25 - 0004608 _____ () C:\Users\Choyce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-19 19:46 - 2011-11-19 19:46 - 0000000 _____ () C:\Users\Choyce\AppData\Local\{012488AF-12F2-42DB-ACEC-6F7775AE01E5}
2011-01-04 19:09 - 2011-01-09 13:00 - 0001940 _____ () C:\Users\Choyce\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2011-08-13 09:57 - 2011-08-13 09:57 - 0000000 _____ () C:\Users\Choyce\AppData\Local\{D3D34FB6-2EDE-46E1-972F-8ED7684AD8DC}
2011-06-25 10:59 - 2011-06-25 11:01 - 0000000 _____ () C:\Users\Choyce\AppData\Local\{DE6BE3F1-307D-44CE-A961-9601A5F4865E}
2010-10-08 16:23 - 2010-10-08 16:23 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-01-15 13:15 - 2015-10-10 03:49 - 0003515 _____ () C:\ProgramData\dlea.log
2010-09-12 15:38 - 2011-12-05 17:48 - 0251670 _____ () C:\ProgramData\dleaJSW.log
2010-09-12 14:43 - 2015-10-10 16:50 - 0247489 _____ () C:\ProgramData\dleascan.log
2010-06-25 00:08 - 2010-06-25 00:08 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2010-09-12 15:28 - 2010-09-12 15:29 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-11-19 19:54 - 2011-11-19 20:01 - 0000456 _____ () C:\ProgramData\fmYK7ZLutaT3hg
2012-04-24 19:44 - 2012-11-25 17:26 - 0002285 _____ () C:\ProgramData\hpzinstall.log
2011-11-19 19:44 - 2011-11-19 19:44 - 0000344 _____ () C:\ProgramData\iS6GAdG5yolN7v
2010-10-08 16:23 - 2010-10-08 16:23 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2015-06-21 21:32 - 2015-10-03 12:32 - 0647980 _____ () C:\ProgramData\pvgqmjg.html
2010-11-19 14:38 - 2010-11-19 14:38 - 1021752 _____ () C:\ProgramData\SPL1E88.tmp
2010-10-30 13:34 - 2010-10-30 13:34 - 0989643 _____ () C:\ProgramData\SPL22CC.tmp
2011-04-07 21:04 - 2011-04-07 21:04 - 0722222 _____ () C:\ProgramData\SPL557F.tmp
2011-06-02 06:56 - 2011-06-02 06:56 - 1621442 _____ () C:\ProgramData\SPLB490.tmp
2010-12-09 12:32 - 2010-12-09 12:32 - 1684655 _____ () C:\ProgramData\SPLCA7F.tmp
2011-05-04 00:38 - 2011-05-04 00:38 - 0680214 _____ () C:\ProgramData\SPLE89A.tmp
2012-09-23 00:25 - 2012-09-23 00:28 - 0097641 _____ () C:\ProgramData\ucphdipoutzgwim
2010-09-12 14:39 - 2010-09-12 14:39 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2011-11-19 19:56 - 2011-11-19 19:56 - 0000288 _____ () C:\ProgramData\~fmYK7ZLutaT3hg
2011-11-19 19:56 - 2011-11-19 19:56 - 0000216 _____ () C:\ProgramData\~fmYK7ZLutaT3hgr
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-02-17 14:51
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by Choyce (2015-10-10 17:21:14)
Running from E:\all folder\programs\virus
Windows 7 Home Premium (X64) (2010-06-11 16:39:38)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3932760742-3187374168-549460042-500 - Administrator - Disabled)
Choyce (S-1-5-21-3932760742-3187374168-549460042-1000 - Administrator - Enabled) => C:\Users\Choyce
Guest (S-1-5-21-3932760742-3187374168-549460042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3932760742-3187374168-549460042-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACDSee Free (HKLM-x32\...\ACDSee Free) (Version: 1.0.18 - ACD Systems International Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Free Studio version 5.7.6.1015 (HKLM-x32\...\Free Studio_is1) (Version: 5.7.6.1015 - DVDVideoSoft Ltd.)
Glary Utilities PRO 5.29 (HKLM-x32\...\Glary Utilities 5) (Version: 5.29.0.49 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.250 - SurfRight B.V.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Imagine Picture Viewer (HKLM-x32\...\{E51243A3-FEFE-4AE8-A3CE-A0874F8EE3F0}) (Version: 2.2.4 - New Dreams Software)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java™ 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.230 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SpyHunter (HKLM-x32\...\{AF549236-6258-4AC6-A043-5B5B89C6EB61}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
StudioLine Photo Basic 3 (HKLM-x32\...\{3AAAFE25-DC6C-4298-B20D-DE163F880610}) (Version: 3.70.35.6 - H&M System Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-10-2015 22:54:12 Windows Backup
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-10-09 17:33 - 00000147 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0896EF00-FE04-4277-A1BB-4A30693E7B65} - \107818240 -> No File <==== ATTENTION
Task: {0A652714-CE43-49CA-A015-FB3731C1B5DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0B9D1DBA-932F-4640-A314-5B16A7A20563} - \685320592 -> No File <==== ATTENTION
Task: {0D2C983E-5B72-4937-9DB7-3D2E89E185A4} - \2198592544 -> No File <==== ATTENTION
Task: {0FAB9AE9-A10B-4363-A877-DE784DF8B760} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2015-01-09] () <==== ATTENTION
Task: {14B89F67-F59C-496B-B1D3-D1C192CBFE86} - System32\Tasks\{ED561FEA-9A40-46D3-BF07-23F193E72A66} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {1B47F8ED-3F57-4E1E-A287-899E8A4C088F} - \632053888 -> No File <==== ATTENTION
Task: {1C7BEE86-7833-4E12-AB63-C2DDFAAFFC34} - \38699808 -> No File <==== ATTENTION
Task: {25E8E32A-82DA-4C3F-9B8C-D9418B573C22} - \DefaultCheck -> No File <==== ATTENTION
Task: {28C9771E-2E93-4C83-B481-704362C62877} - \4000330008 -> No File <==== ATTENTION
Task: {29ECE4E5-1699-4581-86DC-87162C37988F} - \Default2Check -> No File <==== ATTENTION
Task: {2ADE5FF9-E785-4291-884E-7E002F179A9B} - System32\Tasks\{8C8D1774-D603-4E26-BA17-094B1D2C7692} => pcalua.exe -a "C:\Users\Choyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNVA9XIK\AmazonUnboxVideo[1].exe" -d C:\Users\Choyce\Desktop
Task: {2B4E5EA8-0758-49AD-BA53-BACED77D6534} - \wrdsxcj -> No File <==== ATTENTION
Task: {2CCA53A9-05BC-485D-ADC3-7030CBC8FE21} - System32\Tasks\{F15D6E6C-560F-4071-B159-A5ACEDD19B75} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {35638FF4-8E23-479A-AC54-C6888E554D78} - \3165937720 -> No File <==== ATTENTION
Task: {390915AB-C65E-4DF4-91EF-87D865C6555C} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {3A476682-70B0-4386-9EF3-FC52AAE1F36C} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-10-09] (Enigma Software Group USA, LLC.)
Task: {40ABF473-F8DE-4780-8DB1-9B3DCD70E5A0} - \2454554268 -> No File <==== ATTENTION
Task: {428171BE-2444-4252-BB0B-B5796587DE28} - \3544101184 -> No File <==== ATTENTION
Task: {44B7EC94-4AF5-4084-A7BB-B175883DFBCD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {50B8FEC4-D99C-4DCA-A606-4F1D69980297} - \1793537132 -> No File <==== ATTENTION
Task: {5279691B-654D-4C52-BC3B-AEBFF5ED6BB5} - \3136443904 -> No File <==== ATTENTION
Task: {57312B5F-FA33-474D-B1CB-39EC0F343091} - \295483860 -> No File <==== ATTENTION
Task: {5BC16DDB-1EBA-41CA-9130-CC9B5BCB790F} - \1974786912 -> No File <==== ATTENTION
Task: {616FC67F-C957-4EB6-BE04-BC3F3F7BD726} - \3629053124 -> No File <==== ATTENTION
Task: {64CB4CCA-642E-475C-87B7-54BA7E0B62F1} - \1475925152 -> No File <==== ATTENTION
Task: {6BE27BF7-CD7C-4259-9D63-61E1FCF8B45E} - System32\Tasks\{DB36F176-8110-4A92-9EA7-DEB0C7A11DE9} => C:\Users\Choyce\Downloads\itunes_setup.exe [2015-04-03] (Apple Inc.)
Task: {6E216886-4E0C-410B-939C-75F13AB70326} - \2613167008 -> No File <==== ATTENTION
Task: {7023B87F-2D28-4E70-9A53-C197266DDC73} - System32\Tasks\{16DE153D-2953-4C23-9379-19B0E7D71856} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {70BD9C24-5E63-4147-A634-ED6AB91922E7} - \464865152 -> No File <==== ATTENTION
Task: {75B20619-F751-43E6-BBD3-C09CE385B72F} - System32\Tasks\{E1299D5C-99B3-4F02-9292-74859C7E9565} => C:\Users\Choyce\Downloads\itunes_setup.exe [2015-04-03] (Apple Inc.)
Task: {76798C56-3BF9-48C5-8FC1-E75F5150284B} - System32\Tasks\{BC773AA9-F163-4896-BF2C-E5184A37C06E} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {77EF3034-FDD6-4B06-A52D-C42057ABF22A} - \4148808192 -> No File <==== ATTENTION
Task: {7F315684-B221-4699-8B30-8C93337E1A21} - System32\Tasks\{6ED03A8A-F784-471C-A303-6CF9E6549836} => pcalua.exe -a "c:\program files (x86)\real\realplayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|15.0
Task: {7F5B1782-FC17-4E98-9134-67B557AA55B2} - \179030240 -> No File <==== ATTENTION
Task: {86013074-88EA-4FED-AEA0-4B66E6DE6315} - \3441442560 -> No File <==== ATTENTION
Task: {8961A8BE-AEB9-45E2-985E-B07AD29F4D87} - \1149970816 -> No File <==== ATTENTION
Task: {933EDB5F-2293-4EFC-9BC8-08F30D93962C} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-07-06] (Glarysoft Ltd)
Task: {93F61095-EE7E-43A4-9F52-EDD1747C10C1} - System32\Tasks\{6CC604B2-0980-43D5-B19E-A09721A3D67B} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {96B61352-9EE7-4EA9-9F4D-E801EF2950D5} - System32\Tasks\{39336042-9F60-4F46-91D6-2EACA85E2B26} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {9B0C171B-0BD5-4F95-836A-73B92D1ACE40} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3932760742-3187374168-549460042-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {9B3AF41C-D219-489A-968D-26E0F080B545} - \1131556712 -> No File <==== ATTENTION
Task: {A5E82832-BDED-4D76-BAA7-CD7FC2C01728} - \2042886632 -> No File <==== ATTENTION
Task: {A6E53D3D-5BB9-4527-AFFC-8DE02B5B352D} - System32\Tasks\{46E34078-C76A-430F-848D-18F2DB3EA34D} => C:\Users\Choyce\Downloads\itunes_setup.exe [2015-04-03] (Apple Inc.)
Task: {ADCC69F8-D4AF-48FB-B8D9-14E7EC562E34} - System32\Tasks\4784 => Wscript.exe C:\Users\Choyce\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {ADD2B253-48DA-4917-A144-23D63B7F82BE} - \869395168 -> No File <==== ATTENTION
Task: {B1A22F27-DDC7-4C13-A7F3-7F6590296B42} - \1408744488 -> No File <==== ATTENTION
Task: {B1CE4ECA-D326-47ED-9547-94BE74D219C7} - \2369139676 -> No File <==== ATTENTION
Task: {B42C0E0F-A2A5-4025-886D-D5224949769D} - \4270668296 -> No File <==== ATTENTION
Task: {BABBF3D7-9910-4710-BF71-B75A22AAEABB} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-07-06] (Glarysoft Ltd)
Task: {BD237E86-EABC-4E39-AAC8-0765DBB5D5FD} - \winupd -> No File <==== ATTENTION
Task: {BE38C70C-DFB6-4AEC-836F-FFB76194D8F5} - System32\Tasks\{7BF7DB29-67BB-47E8-9233-A67466C288F5} => C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientApp.exe
Task: {BFCA6514-C65B-4EC7-9E9C-D90BD332A20F} - System32\Tasks\DCK8W9L1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {C0284E31-F96F-401F-AEB5-5173773F7A61} - System32\Tasks\{D7ABAAF9-402B-4D6E-941D-EB356956DE00} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {C15206E4-24C8-41DB-9E8C-43FFD2D12EF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-03] (Adobe Systems Incorporated)
Task: {C1DC0725-8F23-48B8-A78F-4140F6BAE139} - \992608432 -> No File <==== ATTENTION
Task: {C27E4D46-BE76-4088-BEC1-BF865F94DF2C} - \1720914720 -> No File <==== ATTENTION
Task: {C81D5C41-8295-48AA-8100-15807D13C7CD} - \1311617864 -> No File <==== ATTENTION
Task: {C85AC453-5B26-46D5-A81D-213FFED44997} - System32\Tasks\{6141EF3C-63D6-4D00-9D30-FA08FE3AB62B} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {C8E1B20B-22EC-4E40-91E2-D626AEAACF51} - \2092517360 -> No File <==== ATTENTION
Task: {C9DFE07B-92D4-453B-84FA-807E375567A2} - \2795474336 -> No File <==== ATTENTION
Task: {CB8F37BA-9843-4776-B5D1-46098617FE44} - \3760934560 -> No File <==== ATTENTION
Task: {CBEC3C0E-DC4F-4C96-BAB8-A5178831A75D} - \3531317312 -> No File <==== ATTENTION
Task: {CC5FBAA1-50EF-4093-A412-F89EC38470CA} - System32\Tasks\{2A1827F0-3ACE-4333-A041-8DFBA08161EB} => C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientApp.exe
Task: {CC90E89B-14FD-40B9-9CBA-9CE9D8705226} - \1656007400 -> No File <==== ATTENTION
Task: {CCC6950B-672D-4C5F-897F-373F227CD4B9} - \50397792 -> No File <==== ATTENTION
Task: {CF5EB4A8-6A98-45F8-AA14-4B483FF23CB7} - System32\Tasks\{3749EF06-A6A2-4ABE-9366-A42A438ACB4F} => C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientApp.exe
Task: {D6302F2B-6189-40E5-BC8C-819AD4E11454} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)
Task: {DAAEAA91-249B-4D73-A072-56CF914907BC} - \3101562936 -> No File <==== ATTENTION
Task: {DAB8A855-DAA4-4903-B321-BCEC98B16B38} - System32\Tasks\{B1FA2FF0-1F4F-4870-9413-C31244D96812} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {E67CC673-D39C-4A78-ACC5-E0B4B9DAE616} - \2053196328 -> No File <==== ATTENTION
Task: {E6C6D74E-5A5A-4B71-B7B4-241C7C55E7D0} - \3361850280 -> No File <==== ATTENTION
Task: {E851CF00-42C3-42AB-A964-EE7AECB57EAF} - System32\Tasks\RunAsStdUser Task => C:\Users\Choyce\AppData\Local\teeveewatchSA\bin\1.0.15.0\TeeveeWatchSA.exe
Task: {EAB3DDC8-6E78-4DDF-88D3-CE5C6A667314} - \3254414200 -> No File <==== ATTENTION
Task: {EB9C1CAA-0105-43F1-9582-A79B6E893728} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3932760742-3187374168-549460042-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {EF316561-84B4-459D-9A27-D5EDE639C597} - \1128287824 -> No File <==== ATTENTION
Task: {F0F4BB51-5EA6-4B3D-8F92-A32F83C0AD68} - \666611264 -> No File <==== ATTENTION
Task: {FCC9D555-03A6-4168-8535-DF9F415AE4E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)
Task: {FDF1FC4E-B880-4BA9-8680-3E4489BE03EE} - \2410658960 -> No File <==== ATTENTION
Task: {FF01926C-2A7F-4D56-A359-9CF7F44BB69C} - \594877332 -> No File <==== ATTENTION
Task: {FFEB4AA0-0F5E-4891-9607-EB6925E54011} - \1514167520 -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3932760742-3187374168-549460042-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-03-17 17:28 - 2009-07-16 21:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-03-17 17:28 - 2009-07-16 21:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-09-12 14:44 - 2009-11-04 09:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-12 14:41 - 2010-01-18 13:13 - 00770728 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2010-03-17 17:35 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-09-12 14:40 - 2009-11-26 04:49 - 00086180 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2010-09-12 14:41 - 2009-12-16 13:04 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2010-09-12 14:40 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2010-09-12 14:41 - 2009-12-16 13:07 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2010-09-12 14:41 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2010-09-12 14:41 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2010-09-12 14:39 - 2009-02-20 04:50 - 00381440 _____ () C:\windows\system32\dleasm.dll
2010-09-12 14:39 - 2009-02-20 04:50 - 00028672 _____ () C:\windows\system32\dleasmr.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-06 02:27 - 2015-07-06 02:27 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97074816.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\991699EB.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97074816.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\991699EB.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3932760742-3187374168-549460042-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Choyce\Documents\!Decrypt-All-Files-erfjkth.bmp
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: "C: => 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: Launcher => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart 5510 series
Description: Photosmart 5510 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart 5510 series
Description: Photosmart 5510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P3005
Description: HP LaserJet P3005
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/10/2015 05:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 4.17.6.4336 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4e0
 
Start Time: 01d1039d1da208e0
 
Termination Time: 718
 
Application Path: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
 
Report Id: f73b2247-6f93-11e5-8250-e356718799c7
 
Error: (10/10/2015 04:51:03 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/10/2015 04:09:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = E:\all folder\programs\virus\New folder\HitmanPro.3.7.9.Build.240\hitmanpro_x64.exe folder\programs\virus\New folder\HitmanPro.3.7.9.Build.240\hitmanpro_x64.exe" /updated:"C:\Users\Choyce\AppData\Local\Temp\hitmanpro_x64.exe"; Description = Checkpoint by HitmanPro; Error = 0x80070422).
 
Error: (10/10/2015 04:08:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = E:\all folder\programs\virus\New folder\HitmanPro.3.7.9.Build.240\hitmanpro_x64.exe folder\programs\virus\New folder\HitmanPro.3.7.9.Build.240\hitmanpro_x64.exe" /updated:"C:\Users\Choyce\AppData\Local\Temp\hitmanpro_x64.exe"; Description = Checkpoint by HitmanPro; Error = 0x80070422).
 
Error: (10/10/2015 03:39:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: The operation timed out
 ErrorCode: 14007(0x36b7).
 
Error: (10/10/2015 03:35:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 4.17.6.4336 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7ec
 
Start Time: 01d1038d7d40dede
 
Termination Time: 468
 
Application Path: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
 
Report Id: ef70a9dd-6f85-11e5-b859-a3becd8f6ac1
 
Error: (10/10/2015 03:08:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ae4
 
Start Time: 01d1038ece0f2841
 
Termination Time: 969
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (10/10/2015 02:58:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/10/2015 02:14:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/10/2015 02:02:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (10/10/2015 05:19:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/10/2015 05:19:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/10/2015 05:19:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/10/2015 05:19:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/10/2015 05:19:39 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (10/10/2015 05:19:38 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (10/10/2015 05:19:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/10/2015 05:19:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/10/2015 05:19:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/10/2015 05:19:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
CodeIntegrity:
===================================
  Date: 2010-12-23 15:15:30.569
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:15:30.538
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:15:14.680
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:15:14.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:15:04.807
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:15:04.776
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:14:40.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:14:40.432
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:14:20.819
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-12-23 15:14:20.799
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 59%
Total physical RAM: 3032.36 MB
Available physical RAM: 1242.5 MB
Total Virtual: 6062.87 MB
Available Virtual: 4140.57 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:70.91 GB) NTFS
Drive e: () (Removable) (Total:15.22 GB) (Free:4.75 GB) FAT32
Drive z: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry we missed you. Do you still require assistance?

Previous Versions
  • Right-click the file/folder and click Properties.
  • Click Previous Versions.
  • This tab will list all copies of the file and the date they were backed up.
  • To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
  • If you wish to restore the selected file and replace the existing one, click Restore.
  • If you wish to view the contents of the file before restoring, click Open.
ShadowExplorer
  • Please download ShadowExplorer and save the file to your Desktop
  • Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract
  • Right-Click ShadowExplorer.exe and select Run as administrator to run the programme.
  • You will see a drop-down menu with the shadow copies of all partitions and disks present.
  • Click C:\ from the drop-down menu.
  • To the right, pick a date prior to the infection from the drop-down menu.
  • To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.
File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

