I have not forgotten about you, be with you soon.
Joe
It's ok. I've been busy and now I'm not feeling so good. So we might have to get back on it in a day or 2. I'll post when I'm feeling better. Thanks for checking in. TTYL, Tara.
Edited by RiffRaffCat75, 02 January 2015 - 06:50 PM.
I just wanted to let you know that I haven't forgotten about this thread. I've just had a family member die last week and it took up most all my time last week. So I may be able to get back on this tonight or tomorrow night.
Okay thanks
Question: if I do a backup of just my files like music, pictures, etc., will I still end up with the infection in those backed up files? I'd say so, but then again this virus is really only affecting the browsers.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Tara (administrator) on TARA-PC on 20-01-2015 23:20:52
Running from C:\Users\Tara\Desktop
Loaded Profiles: Tara (Available profiles: Tara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2774160 2012-08-09] (CANON INC.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {1788e690-2e4e-11e1-9c98-002622f6b188} - E:\iStudio.exe
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {3c56e40e-1de1-11e1-8b5b-002622f6b188} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {4ea64971-cded-11e2-97f8-002622f6b188} - F:\LaunchU3.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
SearchScopes: HKLM -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {04DA5C94-177F-4D4D-83E1-6CD897866D6E} URL = http://www.google.co...&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {823AF490-3221-41B8-B2C5-E41DF9A0AC7F} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1859080137-3721507021-1121226713-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Tara\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-1859080137-3721507021-1121226713-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Tara\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bukg6d0w.default-1391961009061\Extensions\[email protected] [2014-11-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-01-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-01-19]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2014-12-16]
CHR Extension: (bokeha2) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgelifppepplifgopjhicenilabkedg [2014-06-22]
CHR Extension: (No Name) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-17]
CHR Extension: (eBay) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-06-13]
CHR Extension: (Google Cast) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-02-09]
CHR Extension: (Facebook) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-06-13]
CHR Extension: (Books of the Day) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdmgncnkffeankemamkodegfhijldpn [2014-06-17]
CHR Extension: (Google Search) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-17]
CHR Extension: (Netflix) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-06-17]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-09-24]
CHR Extension: (Pandora) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-06-13]
CHR Extension: (No Name) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2015-01-20]
CHR Extension: (Free Nook Books) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcfladddnnnjkjdfbfjcpgljdclaibfc [2014-06-17]
CHR Extension: (My Browser Page) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2014-06-13]
CHR Extension: (Pinterest ™ ) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldekkfiehnegbjkcmalkfcgfecambndd [2014-06-17]
CHR Extension: (Browse Save Win) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-12-26]
CHR Extension: (Google Maps) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-17]
CHR Extension: (Google Mail Checker) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-07-07]
CHR Extension: (WeatherBug) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-17]
CHR Extension: (Show Apps in new tab) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip [2014-06-17]
CHR Extension: (Adblock Pro) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-11-11]
CHR Extension: (My Chrome Theme) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-06-13]
CHR Extension: (Picasa) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-06-13]
CHR Extension: (Instagram for Chrome) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-22]
CHR Extension: (Gmail) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR Extension: (Send Link by Email or Gmail) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcgkgghkdfgfhiidfjkhmainebgmklf [2014-07-19]
CHR Extension: (App Launcher Customizer for Google™) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm [2014-06-13]
CHR Extension: (UnisaleS) - C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf\ [2014-06-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-28] (SUPERAntiSpyware.com)
S4 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-08-13] (Macrovision Europe Ltd.) [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-29] (Emsisoft GmbH)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
S2 MCSTRM; No ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2010-09-28] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 23:20 - 2015-01-20 23:21 - 00020998 _____ () C:\Users\Tara\Desktop\FRST.txt
2015-01-20 23:20 - 2015-01-20 23:20 - 00000000 ____D () C:\Users\Tara\Desktop\FRST-OlderVersion
2015-01-20 00:20 - 2015-01-20 00:20 - 00000000 ____D () C:\MAGICDVDCOPY_TEMP
2015-01-12 17:36 - 2015-01-12 17:37 - 00000000 ____D () C:\EEK
2015-01-12 17:25 - 2015-01-12 17:25 - 18467928 _____ () C:\Users\Tara\Downloads\RogueKillerX64.exe
2015-01-12 17:18 - 2015-01-12 17:25 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-01-12 17:18 - 2015-01-12 17:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-01 15:18 - 2015-01-03 19:43 - 00001776 _____ () C:\windows\system32\Drivers\fvstore.dat
2015-01-01 00:27 - 2015-01-01 00:26 - 01337256 _____ () C:\Users\Tara\Desktop\Tweaking.com-SetWindowsServicesToDefaultStartup.exe
2014-12-31 23:21 - 2015-01-20 23:20 - 02126848 _____ (Farbar) C:\Users\Tara\Desktop\FRST64.exe
2014-12-31 22:40 - 2014-12-28 20:31 - 01707939 _____ (Thisisu) C:\Users\Tara\Desktop\JRT.exe
2014-12-31 22:08 - 2014-12-31 22:05 - 01316632 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tara\Desktop\avgremoverx64.exe
2014-12-31 21:01 - 2014-12-31 21:01 - 00000000 ____D () C:\Users\Tara\Desktop\backups
2014-12-31 20:16 - 2014-12-31 20:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tara\Desktop\HijackThis.exe
2014-12-31 19:34 - 2014-12-31 19:34 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-31 19:29 - 2015-01-03 19:44 - 00000224 _____ () C:\windows\setupact.log
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 _____ () C:\windows\setuperr.log
2014-12-31 19:28 - 2014-12-31 22:36 - 00002424 _____ () C:\windows\PFRO.log
2014-12-29 23:32 - 2014-12-31 23:19 - 00000000 ____D () C:\Users\Tara\Desktop\Dump when done
2014-12-29 22:53 - 2015-01-20 23:21 - 00000000 ____D () C:\FRST
2014-12-29 22:41 - 2014-12-29 22:41 - 02173952 _____ () C:\Users\Tara\Desktop\AdwCleaner.exe
2014-12-29 00:41 - 2014-12-29 00:41 - 00000000 ____D () C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0
2014-12-29 00:38 - 2014-12-29 00:38 - 04909382 _____ () C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip
2014-12-28 23:24 - 2014-12-28 23:50 - 00000000 ____D () C:\Users\Tara\Doctor Web
2014-12-28 22:28 - 2014-12-28 22:28 - 00000000 ____D () C:\windows\ERUNT
2014-12-28 22:04 - 2014-12-31 22:36 - 00000000 ____D () C:\AdwCleaner
2014-12-28 21:48 - 2014-12-28 23:13 - 00009890 _____ () C:\windows\system32\.crusader
2014-12-28 21:30 - 2014-12-28 21:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-28 21:22 - 2014-12-28 21:22 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-28 21:21 - 2014-12-28 21:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-28 21:20 - 2014-12-28 21:20 - 00638888 _____ (Oracle Corporation) C:\Users\Tara\Downloads\chromeinstall-8u25.exe
2014-12-28 20:12 - 2014-12-28 20:12 - 00000000 __SHD () C:\Users\Tara\AppData\Local\EmieBrowserModeList
2014-12-28 18:35 - 2014-12-28 18:35 - 00000000 ____D () C:\Users\Tara\Downloads\new_patient_forms
2014-12-27 23:49 - 2014-12-28 20:21 - 00000000 ____D () C:\NPE
2014-12-27 23:00 - 2014-12-28 21:22 - 00000000 ____D () C:\Users\Tara\AppData\Local\NPE
2014-12-27 22:59 - 2014-12-27 23:00 - 03060320 ____N (Symantec Corporation) C:\Users\Tara\Downloads\NPE.exe
2014-12-27 21:08 - 2014-12-27 21:08 - 00017153 _____ () C:\Users\Tara\Documents\CisReport_x64_v8.0.0.4344_20141227-210803.zip
2014-12-27 20:57 - 2014-12-27 20:57 - 00016802 _____ () C:\Users\Tara\Documents\CisReport_x64_v8.0.0.4344_20141227-205705.zip
2014-12-27 19:37 - 2014-12-27 19:37 - 00000276 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Tara.job
2014-12-27 19:16 - 2015-01-20 23:15 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-12-27 19:16 - 2014-12-27 19:16 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-12-27 19:16 - 2014-12-27 19:16 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-12-27 19:16 - 2014-12-27 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-12-27 19:15 - 2014-12-27 19:15 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-27 19:15 - 2014-12-27 19:15 - 00000000 ____D () C:\Program Files\COMODO
2014-12-27 19:13 - 2014-12-27 19:16 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-27 19:13 - 2014-12-27 19:13 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-27 19:12 - 2014-12-27 19:12 - 00000000 ____D () C:\windows\pss
2014-12-27 01:02 - 2014-12-27 01:04 - 17011275 _____ () C:\Users\Tara\Downloads\Attachments_20141227.zip
2014-12-26 02:21 - 2014-12-26 02:21 - 00000000 ____D () C:\windows\SysWOW64\X86
2014-12-26 02:21 - 2014-12-26 02:21 - 00000000 ____D () C:\windows\SysWOW64\AMD64
2014-12-26 02:20 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\Browse Save Win
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\YoUtubeeAAdBBloccke
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\unIsuales
2014-12-26 02:18 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\UnisaleS
2014-12-26 02:18 - 2014-12-26 02:18 - 00000000 ____D () C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf
2014-12-24 23:51 - 2014-12-24 23:51 - 04277052 _____ () C:\Users\Tara\Downloads\new_patient_forms.zip
2014-12-24 18:33 - 2014-12-24 18:33 - 00000498 _____ () C:\Users\Tara\Desktop\sdfbsfb.txt
2014-12-24 18:33 - 2014-12-24 18:33 - 00000233 _____ () C:\Users\Tara\Desktop\mvlskfn.txt
2014-12-23 19:55 - 2014-12-23 19:55 - 00000000 ____D () C:\Users\Tara\Downloads\collagesetcatherinealise20x24
2014-12-23 19:41 - 2014-12-23 19:55 - 195454418 _____ () C:\Users\Tara\Downloads\collagesetcatherinealise20x24.zip
2014-12-22 15:38 - 2014-12-22 15:38 - 00000000 ____D () C:\Users\Tara\Downloads\ChristmasSeries
2014-12-22 15:35 - 2014-12-22 15:37 - 92095222 _____ () C:\Users\Tara\Downloads\ChristmasSeries.zip
2014-12-22 00:03 - 2014-12-22 00:05 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-12-22 00:02 - 2014-12-22 00:02 - 00002048 _____ () C:\Users\Public\Desktop\Canon My Image Garden.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 23:18 - 2014-07-28 16:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-20 23:18 - 2009-07-14 00:13 - 00920378 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-20 23:16 - 2014-06-19 12:21 - 01535957 _____ () C:\windows\WindowsUpdate.log
2015-01-20 23:15 - 2013-06-30 20:46 - 00000202 _____ () C:\windows\Tasks\AutoKMSDaily.job
2015-01-20 23:15 - 2012-03-31 21:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 23:15 - 2010-01-27 22:37 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 23:15 - 2010-01-27 22:37 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 14:56 - 2014-08-26 19:12 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 09:09 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 09:09 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 19:44 - 2013-06-30 20:46 - 00000198 _____ () C:\windows\Tasks\AutoKMS.job
2015-01-03 19:44 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-01 18:04 - 2010-03-06 15:58 - 00000000 ____D () C:\Users\Tara\Documents\My Docs
2015-01-01 15:13 - 2010-09-25 19:10 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-31 21:01 - 2011-01-19 19:38 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\uTorrent
2014-12-31 20:53 - 2012-03-31 21:23 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-31 20:53 - 2012-03-31 21:23 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-31 20:53 - 2011-05-23 12:54 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 19:32 - 2010-12-21 13:44 - 00000000 ____D () C:\Users\Tara\Tracing
2014-12-31 19:31 - 2011-12-24 01:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-30 00:08 - 2014-11-18 18:13 - 00002156 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-12-30 00:08 - 2010-12-30 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-12-30 00:08 - 2010-01-27 20:44 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-29 23:23 - 2011-08-13 22:37 - 00001945 _____ () C:\windows\epplauncher.mif
2014-12-29 21:27 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-29 21:23 - 2010-01-27 20:35 - 00000000 ____D () C:\Users\Tara
2014-12-29 19:46 - 2010-01-28 18:42 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-29 00:42 - 2014-08-03 10:44 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-28 23:50 - 2013-03-24 17:41 - 00000000 ____D () C:\Users\Tara\Documents\Tools
2014-12-28 22:21 - 2014-06-19 12:08 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\ProductData
2014-12-28 22:21 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-28 22:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-12-28 21:21 - 2013-10-21 20:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-28 19:29 - 2014-12-20 23:06 - 00000000 ____D () C:\Users\Tara\Desktop\slide show folder
2014-12-28 00:09 - 2014-06-19 12:07 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-27 23:00 - 2009-12-08 07:09 - 00000000 ____D () C:\ProgramData\Norton
2014-12-26 01:26 - 2013-08-30 21:15 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\vlc
2014-12-22 00:03 - 2013-07-16 12:21 - 00000000 ____D () C:\Users\Tara\AppData\Roaming\Canon
2014-12-21 23:58 - 2014-07-29 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-12-21 23:57 - 2011-04-16 15:35 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-12-21 01:45 - 2013-05-14 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
==================== Files in the root of some directories =======
2012-05-29 18:18 - 2012-11-04 10:23 - 0000004 _____ () C:\Users\Tara\AppData\Roaming\097EFC
2010-12-02 16:14 - 2010-12-02 16:14 - 0099384 _____ () C:\Users\Tara\AppData\Roaming\inst.exe
2012-05-29 18:18 - 2012-11-04 10:23 - 0870128 _____ () C:\Users\Tara\AppData\Roaming\mcs.rma
2010-12-02 16:14 - 2010-12-02 16:14 - 0007859 _____ () C:\Users\Tara\AppData\Roaming\pcouffin.cat
2010-12-02 16:14 - 2010-12-02 16:14 - 0001167 _____ () C:\Users\Tara\AppData\Roaming\pcouffin.inf
2010-12-02 16:15 - 2010-12-02 16:15 - 0000034 _____ () C:\Users\Tara\AppData\Roaming\pcouffin.log
2010-12-02 16:14 - 2010-12-02 16:14 - 0082816 _____ (VSO Software) C:\Users\Tara\AppData\Roaming\pcouffin.sys
2014-06-19 12:08 - 2014-06-19 12:08 - 0000024 _____ () C:\Users\Tara\AppData\Roaming\temp.ini
2013-11-05 22:23 - 2013-11-05 22:23 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Tara\AppData\Local\BcsKtYcHW.dll
2011-11-23 12:56 - 2012-07-14 19:11 - 0007609 _____ () C:\Users\Tara\AppData\Local\resmon.resmoncfg
2012-07-27 20:48 - 2012-07-27 20:48 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some content of TEMP:
====================
C:\Users\Tara\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Tara\AppData\Local\Temp\Quarantine.exe
C:\Users\Tara\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-11 08:54
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Tara at 2015-01-20 23:22:47
Running from C:\Users\Tara\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - PopCap Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.31 - Piriform)
COMODO Internet Security Premium (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
G-Force (HKLM-x32\...\G-Force) (Version: 3.9.1 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Helium Music Manager 8.6.3 (HKLM-x32\...\{BA722179-62EA-4090-923D-D324CE1A691D}}_is1) (Version: 8.6.3.10770 - Intermedia Software)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 5.5.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 5.5.0 - )
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)
Magic DVD Copier V6.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version: - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
OverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Sansa Updater (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
SUPERAntiSpyware Free Edition (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.34.0.1000 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.9.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.2 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Utility Common Driver (x32 Version: 1.0.50.26C - TOSHIBA) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
==================== Restore Points =========================
29-12-2014 23:16:35 IObit Uninstaller restore point
03-01-2015 19:38:52 Windows Update
11-01-2015 08:54:32 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03F9070A-5A20-40E3-B751-5C21C3891F48} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {1C5D2BC5-FE07-4F93-9EBD-E6EE923FD22F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {1EC71138-9E7D-4616-BCB0-F698035F9EF3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {47D15932-46E7-4773-B0A2-0DCB921B3662} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49577359-A6B6-49AB-91A2-21684EB026BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {578F1192-1993-4CFB-BE8D-0313179F3C0A} - System32\Tasks\ASC8_SkipUac_Tara => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {58153365-5162-40A0-9C21-8C1177CAB3B1} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {64F13734-F1FB-4772-886A-BAD5126771FE} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {728DFC5B-7877-4328-B355-A02437F8307C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {8E9A080E-70F4-4915-8820-0F219DD6DFA3} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {9A410B12-0A63-4721-9B24-28099D99C093} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {C846FC04-7914-474A-90B6-D53F3F11A11A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-31] (Adobe Systems Incorporated)
Task: {CE05969B-0FC9-45B3-BBBF-01DF0F43A336} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {DD6900B1-4F3D-46F5-BED2-E8B920BFA00B} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {DF4E01B6-A7C1-4A3C-8129-6F6025675124} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E005A836-F296-442D-B094-F37CE6C45A38} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EC91DDAC-E007-4907-A47C-40E02A461AE8} - System32\Tasks\Uninstaller_SkipUac_Tara => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {F7368C04-0816-44B5-A260-8740FCBE8EF3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Uninstaller_SkipUac_Tara.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (whitelisted) =============
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdZnID
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AVG Security Toolbar Service => 3
MSCONFIG\Services: avg9emc => 2
MSCONFIG\Services: avg9wd => 2
MSCONFIG\Services: avgfws9 => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Gadget Service => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: RoxLiveShare10 => 2
MSCONFIG\Services: RSELSVC => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WiseBootAssistant => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: YahooAUService => 2
========================= Accounts: ==========================
Administrator (S-1-5-21-1859080137-3721507021-1121226713-500 - Administrator - Disabled)
Guest (S-1-5-21-1859080137-3721507021-1121226713-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1859080137-3721507021-1121226713-1002 - Limited - Enabled)
Tara (S-1-5-21-1859080137-3721507021-1121226713-1001 - Administrator - Enabled) => C:\Users\Tara
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Tara-PC.local already in use; will try Tara-PC-2.local instead
Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Tara-PC.local. Addr 192.168.1.14
Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.13:5353 4 Tara-PC.local. Addr 192.168.1.13
Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5803
Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5803
Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1841
Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1841
Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/20/2015 00:11:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Tara-PC.local already in use; will try Tara-PC-2.local instead
System errors:
=============
Error: (01/20/2015 11:16:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC :0" could not be registered on the interface with IP address 192.168.1.14.
The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
this computer.
Error: (01/20/2015 11:16:16 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC :20" could not be registered on the interface with IP address 192.168.1.14.
The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
this computer.
Error: (01/20/2015 11:16:16 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{ABBD19A7-87D5-4393-8868-5DFD67803C94} because another computer on the network has the same name. The server could not start.
Error: (01/20/2015 11:16:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC :0" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
this computer.
Error: (01/20/2015 11:16:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC :20" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.13 did not allow the name to be claimed by
this computer.
Error: (01/20/2015 11:16:15 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{ABBD19A7-87D5-4393-8868-5DFD67803C94} because another computer on the network has the same name. The server could not start.
Error: (01/20/2015 11:15:13 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (01/20/2015 00:20:13 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC :0" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.18 did not allow the name to be claimed by
this computer.
Error: (01/20/2015 00:11:18 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC :20" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.18 did not allow the name to be claimed by
this computer.
Error: (01/20/2015 00:11:18 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "TARA-PC :0" could not be registered on the interface with IP address 192.168.1.23.
The computer with the IP address 192.168.1.18 did not allow the name to be claimed by
this computer.
Microsoft Office Sessions:
=========================
Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Tara-PC.local already in use; will try Tara-PC-2.local instead
Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Tara-PC.local. Addr 192.168.1.14
Error: (01/20/2015 11:16:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.13:5353 4 Tara-PC.local. Addr 192.168.1.13
Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5803
Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5803
Error: (01/20/2015 00:37:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1841
Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1841
Error: (01/20/2015 00:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/20/2015 00:11:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Tara-PC.local already in use; will try Tara-PC-2.local instead
==================== Memory info ===========================
Processor: AMD Turion II Dual-Core Mobile M520
Percentage of memory in use: 34%
Total physical RAM: 3838.36 MB
Available physical RAM: 2515.91 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 5803.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (TI105757W0A) (Fixed) (Total:287.7 GB) (Free:111.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D06ABEA8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=17)
==================== End Of Log ============================
You can back up those files if you want.
if I do a backup of just my files like music, pictures, etc, will I still end up with the infection in those backed up files?
Hey, just wanted to let you know that I am working on this right now, but once I post the logs I've got to hit the hay. We can get back on it soon.
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {1788e690-2e4e-11e1-9c98-002622f6b188} - E:\iStudio.exe
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {3c56e40e-1de1-11e1-8b5b-002622f6b188} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1859080137-3721507021-1121226713-1001\...\MountPoints2: {4ea64971-cded-11e2-97f8-002622f6b188} - F:\LaunchU3.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {04DA5C94-177F-4D4D-83E1-6CD897866D6E} URL = http://www.google.co...&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {822D2C43-7515-4E10-92D0-9AB57007834B} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {823AF490-3221-41B8-B2C5-E41DF9A0AC7F} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-1859080137-3721507021-1121226713-1001 -> {89CAE492-3A46-498F-B884-EEF33CDA12B1} URL =
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Browse Save Win) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-12-26]
CHR Extension: (UnisaleS) - C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf\ [2014-06-13]
2014-12-31 22:08 - 2014-12-31 22:05 - 01316632 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tara\Desktop\avgremoverx64.exe
2014-12-26 02:20 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\Browse Save Win
2014-12-26 02:19 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\unIsuales
2014-12-26 02:18 - 2014-12-27 12:48 - 00000000 ____D () C:\Program Files (x86)\UnisaleS
2014-12-26 02:18 - 2014-12-26 02:18 - 00000000 ____D () C:\ProgramData\ifnpffngaogbampfioeilalnjolcfphf
AlternateDataStreams: C:\windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Desktop\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\chromeinstall-8u25.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\mbam-chameleon-3.1.7.0.zip:$CmdZnID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tara\Downloads\RogueKillerX64.exe:$CmdZnID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
Click Format and ensure Wordwrap is unchecked.