TechSpot

Ads by Info Infection

By fan1bsb97
Feb 1, 2015
  1. Ads by Info has infected Firefox. I tried all the things the sites I found told me to do, such as trying to uninstall a program or extension, but nothing is there. Scans aren't picking it up.

    Windows 8, 64-bit

    Please and thank you in advance.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You've been to this forum before so you should know the drill....

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Here's the MWB scan. It doesn't let me run the DDS one, saying it can't run in compatibility mode.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/1/2015
    Scan Time: 11:55:19 PM
    Logfile: mwb.txt
    Administrator: No

    Version: 2.00.4.1028
    Malware Database: v2015.02.01.07
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Joanna

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 359846
    Time Elapsed: 9 hr, 21 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2802446628-2056013772-2352947291-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=667671&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo.com/?type=667671&fr=spigot-yhp-ie),Replaced,[99b2f6237c0e69cd56bd23816a9b6b95]

    Folders: 1
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],

    Files: 13
    PUP.Optional.CrossRider.A, C:\Users\Joanna\AppData\Local\Temp\setup.exe, Quarantined, [c88328f1266479bd8aa5b82e827fd42c],
    PUP.Optional.Somoto, C:\Users\Joanna\AppData\Local\Temp\nsgB318.tmp, Quarantined, [9faced2c54363cfa412f3fd8cc395ba5],
    PUP.Optional.OpenCandy, C:\Users\Joanna\AppData\Local\Temp\is-41FQF.tmp\OCSetupHlp.dll, Quarantined, [3d0e8c8dddad9d99e744ddf82ed7c838],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleCrashHandler.exe, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleUpdate.exe, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleUpdateBroker.exe, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleUpdateHelper.msi, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\GoogleUpdateOnDemand.exe, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\goopdate.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\goopdateres_en.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\npGoogleUpdate4.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\psmachine.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],
    PUP.Optional.GlobalUpdate.A, C:\Users\Joanna\AppData\Local\Temp\comh.459730\psuser.dll, Quarantined, [80cb11086e1ccc6ab244abb62ed5a35d],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please do NOT use "quotes" for posting logs.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the message "This version requires you to completely exit the Anti Malware application", right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  5. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Joanna [Administrator]
    Mode : Delete -- Date : 02/02/2015 19:40:24

    ¤¤¤ Processes : 3 ¤¤¤
    [Suspicious.Path] ViStart.exe(3632) -- C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe[-] -> Killed [TermProc]
    [Suspicious.Path] MetroProvider.exe(4388) -- C:\Users\Joanna\AppData\Roaming\ViStart\Plugins\MetroProvider.exe[-] -> Killed [TermProc]
    [Suspicious.Path] SearchProvider.exe(4412) -- C:\Users\Joanna\AppData\Roaming\ViStart\Plugins\SearchProvider.exe[-] -> Killed [TermThr]

    ¤¤¤ Registry : 12 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Run | ViStart : C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe [-] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Run | ViStart : C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 9 ¤¤¤
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 support.apowersoft.com
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.apowersoft.com
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 apowersoft.com

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
    --- User ---
    [MBR] 38e053e0e938a7a4f10c85ee2a1e65ee
    [BSP] c3b7010cce6223532639cd351aa46584 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 122104 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_02022015_193919.log
     
  6. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.02.05
    rootkit: v2015.01.14.01

    Windows 8.1 x64 NTFS
    Internet Explorer 11.0.9600.17498
    Joanna :: NEWBIE [administrator]

    2/2/2015 7:48:18 PM
    mbar-log-2015-02-02 (19-48-18).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 363633
    Time elapsed: 54 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Joanna\AppData\Roaming\ViStart\KillMe.exe (Adware.Bundler) -> Delete on reboot. [3e6fb2673357c86ec3d4af94da2be917]
    C:\Users\Joanna\Downloads\Unconfirmed 289318.crdownload (Adware.Bundler) -> Delete on reboot. [c0ed57c247430630e0b7bb88778e8f71]
    C:\Users\Joanna\Downloads\Unconfirmed 470392.crdownload (Adware.Bundler) -> Delete on reboot. [555879a0c3c754e2b0e70f3475903fc1]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)



    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17498

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.594000 GHz
    Memory total: 17071108096, free: 12541448192

    Downloaded database version: v2015.02.02.05
    Downloaded database version: v2015.01.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/02/2015 19:48:08
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\werkernel.sys
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\fvec.sys
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\iaStorA.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\System32\drivers\EhStorClass.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Wof.sys
    \SystemRoot\system32\drivers\WdFilter.sys
    \SystemRoot\System32\Drivers\DLACDBHE.SYS
    \SystemRoot\System32\Drivers\DRVECDB.SYS
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\hpdskflt.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\intelpep.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\Drivers\DLARTL_E.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\ahcache.sys
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\USBXHCI.SYS
    \SystemRoot\System32\drivers\ucx01000.sys
    \SystemRoot\System32\drivers\HECIx64.sys
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\RtsBaStor.sys
    \SystemRoot\system32\DRIVERS\Rt630x64.sys
    \SystemRoot\system32\DRIVERS\netr28x.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\drivers\vwifibus.sys
    \SystemRoot\System32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\System32\drivers\CmBatt.sys
    \SystemRoot\System32\drivers\BATTC.SYS
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
    \SystemRoot\system32\DRIVERS\Accelerometer.sys
    \SystemRoot\System32\drivers\wmiacpi.sys
    \SystemRoot\System32\drivers\WirelessButtonDriver64.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\System32\drivers\NdisVirtualBus.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\iwdbus.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\system32\drivers\povrtdev.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\Apowersoft_AudioDevice.sys
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\drivers\UsbHub3.sys
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\drivers\hidusb.sys
    \SystemRoot\System32\drivers\mouhid.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\drivers\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\System32\Drivers\DRVEDDM.SYS
    \SystemRoot\System32\Drivers\DLADResE.SYS
    \SystemRoot\System32\Drivers\DLAIFS_E.SYS
    \SystemRoot\System32\Drivers\DLAOPIOE.SYS
    \SystemRoot\System32\Drivers\DLAPoolE.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\System32\Drivers\DLABMFSE.SYS
    \SystemRoot\System32\Drivers\DLABOIOE.SYS
    \SystemRoot\System32\Drivers\DLAUDFAE.SYS
    \SystemRoot\System32\Drivers\DLAUDF_E.SYS
    \SystemRoot\System32\drivers\WinUSB.sys
    \SystemRoot\System32\drivers\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\condrv.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\Drivers\WdNisDrv.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.02.05
    rootkit: v2015.01.14.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffe001c6973060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe001c6973a40, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe001c6973060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe001c69747d0, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xffffe001c4a98720, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 40BEBE1B

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 250069679

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 934449322
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34 LastUsableLba 1465149134
    GPT Header Guid f6691af3-10b2-4394-b3e3-60bcaaaf54a8
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 934449322
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
    Backup GPT header Guid f6691af3-10b2-4394-b3e3-60bcaaaf54a8
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 77f4eeb6-9cf2-401f-acc8-ae9737b9ecaa
    FirstLBA 2048 Last LBA 821247
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 23b5932-2cfd-41b0-98b1-f87dfcea2c
    FirstLBA 821248 Last LBA 1353727
    Attributes 0
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 282b5b95-eb58-4e02-a016-a72423d51a98
    FirstLBA 1353728 Last LBA 1615871
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 6652b544-17bb-436b-80a0-d7c269a7681b
    FirstLBA 1615872 Last LBA 1405407231
    Attributes 0
    Partition Name Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID d98158bb-4641-483c-8523-a4c8266de836
    FirstLBA 1405407232 Last LBA 1406124031
    Attributes 1
    Partition Name

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 6a7f9908-2f39-4ed4-b24-5328d3193c1c
    FirstLBA 1406124032 Last LBA 1465137151
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Done!
    Infected: C:\Users\Joanna\AppData\Roaming\ViStart\KillMe.exe --> [Adware.Bundler]
    Infected: C:\Users\Joanna\Downloads\Unconfirmed 289318.crdownload --> [Adware.Bundler]
    Infected: C:\Users\Joanna\Downloads\Unconfirmed 470392.crdownload --> [Adware.Bundler]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  8. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    # AdwCleaner v4.109 - Report created 01/02/2015 at 23:23:05
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Joanna - NEWBIE
    # Running from : C:\Users\Joanna\Downloads\adwcleaner_4.109.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal
    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Found : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Found : C:\WINDOWS\System32\drivers\hssdrv6.sys
    Folder Found : C:\Program Files (x86)\globalUpdate
    Folder Found : C:\Users\Joanna\AppData\Local\CrashRpt
    Folder Found : C:\Users\Joanna\AppData\Local\globalUpdate
    Folder Found : C:\Users\Joanna\AppData\Roaming\Opera Software\Opera Stable\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;*.local
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\GlobalUpdate
    Key Found : [x64] HKCU\Software\GlobalUpdate
    Key Found : HKLM\SOFTWARE\GlobalUpdate
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://search.yahoo.com/?type=667671&fr=spigot-yhp-ie

    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    -\\ Google Chrome v


    -\\ Opera v27.0.1689.54


    *************************

    AdwCleaner[R0].txt - [2819 octets] - [01/02/2015 23:01:00]
    AdwCleaner[R1].txt - [2814 octets] - [01/02/2015 23:23:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2874 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 8.1 x64
    Ran by Joanna on Tue 02/03/2015 at 17:29:01.47
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Joanna\AppData\Roaming\mozilla\firefox\profiles\x4ce2o8w.default\minidumps [5 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 02/03/2015 at 17:30:56.59
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by Joanna (administrator) on NEWBIE on 03-02-2015 17:38:45
    Running from C:\Users\Joanna\Desktop
    Loaded Profiles: Joanna (Available profiles: Joanna)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Windows\System32\valWBFPolicyService.exe
    (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Lee-Soft.com) C:\Users\Joanna\AppData\Roaming\ViStart\Plugins\MetroProvider.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Lee-Soft.com) C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe
    (Lee Chantrey) C:\Users\Joanna\AppData\Roaming\ViStart\Plugins\SearchProvider.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-04-26] (IDT, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [Google Update] => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-28] (Google Inc.)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [GoogleChromeAutoLaunch_B50826638171B982A76266700AE576E6] => C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Run: [ViStart] => C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe [1306624 2013-04-17] (Lee-Soft.com)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> {C5546EA0-70B0-4F91-8C65-A61C602DEF1C} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=667671&p={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default
    FF SelectedSearchEngine: Yahoo!
    FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=667671&p=
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2802446628-2056013772-2352947291-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2802446628-2056013772-2352947291-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
    FF Extension: ActiveGS - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\activegs@freetoolsassociation.com [2013-06-18]
    FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\artur.dubovoy@gmail.com [2015-01-11]
    FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\LogMeInClient@logmein.com [2014-11-04]
    FF Extension: privateTabinfocatcher - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\privateTab@infocatcher [2015-01-28]
    FF Extension: Classic Theme Restorer - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-11]
    FF Extension: Gmail Notifier (restartless) - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-02-09]
    FF Extension: Tumblr Savior - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2014-01-22]
    FF Extension: Pin It Button - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-11-08]
    FF Extension: XKit - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\xkit@studioxenix.com.xpi [2014-12-27]
    FF Extension: Stylish - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-11-12]
    FF Extension: Greasemonkey - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\x4ce2o8w.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-23]
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-02-02]

    Chrome:
    =======
    CHR Profile: C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-28]
    CHR Extension: (Google Drive) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
    CHR Extension: (Google Search) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-28]
    CHR Extension: (Gmail™ Notifier) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2014-12-04]
    CHR Extension: (Tampermonkey) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-06]
    CHR Extension: (Stylish) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-11-07]
    CHR Extension: (XKit) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-12-24]
    CHR Extension: (Pin It Button) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-01-19]
    CHR Extension: (Emoji Input) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2014-12-16]
    CHR Extension: (Website Logon) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-05-16]
    CHR Extension: (FVD Downloader) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-01-16]
    CHR Extension: (Google Wallet) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
    CHR Extension: (Gmail) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
    CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
    CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
    CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S4 RemoteRegistry; C:\Windows\SysWOW64\regsvc.dll [1556480 2013-08-23] () [File not signed]
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-04-26] (IDT, Inc.) [File not signed]
    S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
    R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-20] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
    R2 DLABMFSE; C:\Windows\System32\Drivers\DLABMFSE.SYS [46448 2007-07-23] (Roxio)
    R2 DLABOIOE; C:\Windows\System32\Drivers\DLABOIOE.SYS [42352 2007-07-23] (Roxio)
    R0 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [17776 2007-07-23] (Roxio)
    R2 DLADResE; C:\Windows\System32\Drivers\DLADResE.SYS [9968 2007-07-23] (Roxio)
    R2 DLAIFS_E; C:\Windows\System32\Drivers\DLAIFS_E.SYS [146672 2007-07-23] (Roxio)
    R2 DLAOPIOE; C:\Windows\System32\Drivers\DLAOPIOE.SYS [35056 2007-07-23] (Roxio)
    R2 DLAPoolE; C:\Windows\System32\Drivers\DLAPoolE.SYS [19824 2007-07-23] (Roxio)
    R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [41072 2007-07-23] (Roxio)
    R2 DLAUDFAE; C:\Windows\System32\Drivers\DLAUDFAE.SYS [135152 2007-07-23] (Roxio)
    R2 DLAUDF_E; C:\Windows\System32\Drivers\DLAUDF_E.SYS [144112 2007-07-23] (Roxio)
    R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [124112 2007-07-23] (Sonic Solutions)
    R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63984 2007-07-23] (Roxio)
    R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-03-07] (Synaptics Incorporated)
    S3 SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [34504 2013-12-16] (Windows (R) Win 7 DDK provider)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-02] ()
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-03 17:38 - 2015-02-03 17:39 - 00027326 _____ () C:\Users\Joanna\Desktop\FRST.txt
    2015-02-03 17:38 - 2015-02-03 17:38 - 00000000 ____D () C:\FRST
    2015-02-03 17:37 - 2015-02-03 17:37 - 02131456 _____ (Farbar) C:\Users\Joanna\Desktop\FRST64.exe
    2015-02-03 17:30 - 2015-02-03 17:30 - 00000755 _____ () C:\Users\Joanna\Desktop\JRT.txt
    2015-02-03 17:29 - 2015-02-03 17:29 - 00000000 ____D () C:\Users\Joanna\AppData\Local\CrashDumps
    2015-02-03 17:28 - 2015-02-03 17:28 - 01388274 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
    2015-02-03 17:27 - 2015-02-03 17:27 - 01388274 _____ (Thisisu) C:\Users\Joanna\Downloads\132C.tmp
    2015-02-03 17:17 - 2015-02-03 17:17 - 00002571 _____ () C:\Users\Joanna\Desktop\AdwCleaner[S0].txt
    2015-02-02 22:40 - 2015-02-02 22:43 - 275100512 ____R () C:\Users\Joanna\Desktop\castle.713.hdtv.real-lol.mp4
    2015-02-02 22:39 - 2015-02-02 22:39 - 00002870 _____ () C:\Users\Joanna\Desktop\Castle.2009.S07E13.HDTV.x264.REAL-LOL.torrent
    2015-02-02 20:57 - 2015-02-02 20:57 - 00000995 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
    2015-02-02 20:57 - 2015-02-02 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
    2015-02-02 20:56 - 2015-02-02 20:56 - 02707360 _____ () C:\Users\Joanna\Downloads\mp3tagv266setup.exe
    2015-02-02 20:25 - 2015-02-02 20:25 - 02004309 _____ () C:\Users\Joanna\Desktop\demoThemeBundleforUpperElementaryrdththgrades.zip
    2015-02-02 19:48 - 2015-02-03 08:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-02 19:47 - 2015-02-02 20:45 - 00000000 ____D () C:\Users\Joanna\Desktop\mbar
    2015-02-02 19:47 - 2015-02-02 19:47 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Joanna\Desktop\mbar-1.08.3.1004.exe
    2015-02-02 19:30 - 2015-02-02 19:30 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-02-02 19:30 - 2015-02-02 19:30 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-02 19:10 - 2015-02-02 19:10 - 15431256 _____ () C:\Users\Joanna\Desktop\RogueKiller.exe
    2015-02-02 00:21 - 2015-02-02 00:21 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-02 00:21 - 2015-02-02 00:21 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-02 00:21 - 2015-02-02 00:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-02 00:18 - 2015-02-02 00:18 - 00243440 _____ () C:\Users\Joanna\Downloads\Firefox Setup Stub 35.0.1.exe
    2015-02-01 23:55 - 2015-02-01 23:55 - 00688992 _____ (Swearware) C:\Users\Joanna\Downloads\dds.com
    2015-02-01 23:06 - 2015-02-01 23:06 - 00000000 _____ () C:\autoexec.bat
    2015-02-01 23:01 - 2015-02-01 23:01 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2015-02-01 23:00 - 2015-02-03 17:15 - 00000000 ____D () C:\AdwCleaner
    2015-02-01 23:00 - 2015-02-01 23:00 - 02194432 _____ () C:\Users\Joanna\Downloads\adwcleaner_4.109.exe
    2015-02-01 15:45 - 2015-02-01 16:52 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
    2015-02-01 15:41 - 2015-02-01 15:41 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Joanna\Downloads\FreeStudio (2).exe
    2015-02-01 15:37 - 2015-02-01 15:37 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Joanna\Downloads\FreeStudio (1).exe
    2015-02-01 15:36 - 2015-02-01 16:52 - 00001261 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
    2015-02-01 15:34 - 2015-02-01 15:34 - 03529744 _____ (DVDVideoSoft Ltd. ) C:\Users\Joanna\Downloads\FreeAVIVideoConverter.exe
    2015-02-01 08:58 - 2015-02-01 08:58 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-02-01 08:58 - 2015-02-01 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-02-01 08:57 - 2015-02-01 08:58 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-02-01 08:57 - 2015-02-01 08:58 - 00000000 ____D () C:\Program Files\iTunes
    2015-02-01 08:57 - 2015-02-01 08:57 - 00000000 ____D () C:\Program Files\iPod
    2015-02-01 08:57 - 2015-02-01 08:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-26 16:06 - 2015-02-02 09:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-24 08:39 - 2015-01-24 08:39 - 00247610 _____ () C:\Users\Joanna\Documents\cc_20150124_083915.reg
    2015-01-24 00:07 - 2015-01-24 00:07 - 00430973 _____ () C:\Users\Joanna\Downloads\us.zip
    2015-01-24 00:06 - 2015-01-24 00:08 - 60498886 _____ () C:\Users\Joanna\Downloads\rockyou.txt.bz2
    2015-01-23 23:58 - 2015-02-01 22:54 - 00000000 ____D () C:\Program Files (x86)\RAR Password Unlocker
    2015-01-23 23:58 - 2015-01-23 23:58 - 01937696 _____ () C:\Users\Joanna\Downloads\winrar-x64-521b1.exe
    2015-01-23 23:58 - 2015-01-23 23:58 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2015-01-23 23:58 - 2015-01-23 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2015-01-23 23:56 - 2015-01-23 23:56 - 03221420 _____ () C:\Users\Joanna\Downloads\RAR Password Unlocker by AwesomeTutorials.rar
    2015-01-23 23:46 - 2015-01-23 23:46 - 00389754 _____ (dnSoft Research Group) C:\Users\Joanna\Downloads\rpc420_setup.exe
    2015-01-23 18:37 - 2015-01-23 19:19 - 2332997625 _____ () C:\Users\Joanna\Desktop\Castle.S07E12.Private.Eye.Caramba.1080p.WEB-DL.DD5.1.H.264-ECI.mp4
    2015-01-23 18:18 - 2015-01-23 18:35 - 1804931134 ____R () C:\Users\Joanna\Desktop\Castle.S07E12.Private.Eye.Caramba.1080p.WEB-DL.DD5.1.H.264-ECI.mkv
    2015-01-23 17:45 - 2015-01-23 17:45 - 13338017 _____ (RAR Password Unlocker, Inc. ) C:\Users\Joanna\Downloads\rar_password_unlocker_trial.exe
    2015-01-22 21:08 - 2015-01-22 21:08 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-22 21:07 - 2015-01-22 21:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Joanna\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-19 21:03 - 2015-01-19 21:07 - 295079237 _____ () C:\Users\Joanna\Desktop\castle.2009.712.hdtv-lol.mp4
    2015-01-18 23:14 - 2015-01-18 23:16 - 00000000 ____D () C:\Users\Joanna\Desktop\Boy Meets World Season 1 - 7 DVDRip
    2015-01-18 21:24 - 2015-02-02 19:30 - 00000000 ____D () C:\Users\Joanna\Desktop\Boy Meets World
    2015-01-17 13:44 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
    2015-01-17 13:44 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
    2015-01-16 07:26 - 2015-01-16 07:26 - 00000860 _____ () C:\Users\Joanna\Desktop\µTorrent.lnk
    2015-01-14 06:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2015-01-14 06:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
    2015-01-14 06:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-01-14 06:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-01-14 06:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2015-01-14 06:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2015-01-14 06:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2015-01-14 06:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2015-01-14 06:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2015-01-14 06:18 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2015-01-14 06:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2015-01-14 06:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2015-01-14 06:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2015-01-14 06:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2015-01-14 06:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2015-01-14 06:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2015-01-14 06:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2015-01-14 06:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2015-01-14 06:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-01-14 06:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2015-01-14 06:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2015-01-14 06:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2015-01-14 06:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2015-01-14 06:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2015-01-14 06:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2015-01-14 06:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2015-01-14 06:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
    2015-01-14 06:18 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
    2015-01-14 06:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
    2015-01-14 06:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-01-14 06:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
    2015-01-10 00:17 - 2015-01-10 00:17 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\LJ-Sec
    2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LJ-Sec
    2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Program Files (x86)\LJ-SecInstall
    2015-01-05 19:52 - 2015-01-07 19:37 - 00000000 ____D () C:\Users\Joanna\Desktop\Friends.S09.Season.9.720p.BluRay.x264-PublicHD

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-03 17:35 - 2013-04-28 16:03 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\ViStart
    2015-02-03 17:16 - 2014-10-27 18:24 - 00000350 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJoanna.job
    2015-02-03 17:16 - 2014-10-02 17:15 - 00034072 _____ () C:\WINDOWS\PFRO.log
    2015-02-03 17:16 - 2014-09-27 10:20 - 00005936 _____ () C:\WINDOWS\setupact.log
    2015-02-03 17:16 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-02-03 17:14 - 2013-04-26 00:20 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AC16CF4C-C03E-4E41-9FE2-F9829B69173E}
    2015-02-03 17:02 - 2013-04-26 00:26 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2802446628-2056013772-2352947291-1001
    2015-02-03 16:55 - 2013-04-26 21:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-02-03 16:45 - 2013-04-28 21:31 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001UA.job
    2015-02-03 16:38 - 2014-09-24 17:21 - 01093065 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-02-03 16:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-02-03 08:50 - 2014-10-27 18:24 - 00003166 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoanna
    2015-02-03 08:50 - 2014-06-03 19:26 - 00003826 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1397778706
    2015-02-03 08:50 - 2014-04-17 18:51 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2015-02-03 08:50 - 2014-04-17 18:51 - 00000000 ____D () C:\Program Files (x86)\Opera
    2015-02-03 08:43 - 2014-03-07 18:42 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\uTorrent
    2015-02-03 07:19 - 2014-08-19 21:19 - 00000000 ____D () C:\Users\Joanna\AppData\Local\Adobe
    2015-02-03 00:27 - 2013-11-25 16:10 - 00001704 _____ () C:\Users\Joanna\AppData\Local\Adobe Save for Web 13.0 Prefs
    2015-02-02 22:45 - 2014-11-24 17:39 - 00000000 ____D () C:\Users\Joanna\Desktop\Castle Gifs
    2015-02-02 22:40 - 2013-04-28 11:09 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\mIRC
    2015-02-02 22:35 - 2013-07-16 15:27 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\vlc
    2015-02-02 22:07 - 2013-06-25 20:50 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Mp3tag
    2015-02-02 20:57 - 2013-04-27 15:29 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
    2015-02-02 20:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-02-02 20:02 - 2013-09-29 23:04 - 00962424 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-02-02 19:48 - 2014-07-11 15:42 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-02-02 19:47 - 2014-07-11 15:42 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-02-02 09:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Branding
    2015-02-01 16:52 - 2014-06-10 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    2015-02-01 16:49 - 2014-10-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
    2015-02-01 16:49 - 2013-06-19 19:31 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\DVDVideoSoft
    2015-02-01 16:01 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2015-02-01 12:52 - 2014-06-30 07:47 - 00000000 ____D () C:\Users\Joanna\Desktop\Friends
    2015-02-01 12:51 - 2014-11-26 19:34 - 00000000 ____D () C:\Users\Joanna\Desktop\Friends Gifs
    2015-02-01 08:57 - 2013-04-27 18:40 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-30 07:27 - 2013-04-26 20:01 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2015-01-30 07:27 - 2013-04-26 20:01 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-28 06:47 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-01-27 22:42 - 2014-07-16 20:14 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2015-01-26 16:50 - 2013-04-27 06:01 - 00000000 ____D () C:\Users\Joanna\Desktop\Movies
    2015-01-24 15:20 - 2014-12-13 20:05 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-01-24 15:20 - 2014-12-13 20:05 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-24 15:11 - 2013-05-01 19:06 - 00000000 ____D () C:\Program Files\WinRAR
    2015-01-24 14:55 - 2013-04-26 21:15 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-01-24 08:31 - 2014-02-28 17:25 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
    2015-01-23 16:50 - 2013-05-01 20:12 - 00000000 ____D () C:\Program Files\Adobe
    2015-01-23 16:49 - 2013-05-01 20:07 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-23 16:37 - 2014-12-14 21:27 - 00000000 ___RD () C:\Users\Joanna\iCloudDrive
    2015-01-22 21:08 - 2014-07-11 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-22 21:08 - 2014-07-11 15:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-21 06:22 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-01-19 11:26 - 2013-08-02 08:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-01-19 11:12 - 2013-04-27 08:10 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-01-16 07:26 - 2014-04-28 20:04 - 00000840 _____ () C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2015-01-11 00:36 - 2013-04-26 21:26 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
    2015-01-05 20:20 - 2013-04-27 18:42 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Apple Computer
    2015-01-05 18:55 - 2014-05-18 17:04 - 00000000 ____D () C:\Users\Joanna\Desktop\Gilmore.Girls.COMPLETE.DVDRip.XviD
    2015-01-05 18:32 - 2014-12-21 20:52 - 01054912 _____ (Adobe) C:\Users\Joanna\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe
    2015-01-05 18:27 - 2013-11-19 21:41 - 00000000 ____D () C:\Users\Joanna
    2015-01-04 18:18 - 2014-12-26 16:00 - 00000000 ____D () C:\Users\Joanna\Desktop\Pics

    ==================== Files in the root of some directories =======

    2013-05-20 20:51 - 2014-02-12 17:26 - 0000132 _____ () C:\Users\Joanna\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2013-11-25 15:41 - 2014-03-04 10:07 - 0000132 _____ () C:\Users\Joanna\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2014-10-14 19:02 - 2014-10-14 19:02 - 0000132 _____ () C:\Users\Joanna\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
    2013-10-15 20:05 - 2014-09-26 09:48 - 0000132 _____ () C:\Users\Joanna\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2014-01-31 16:05 - 2014-01-31 16:05 - 0000046 _____ () C:\Users\Joanna\AppData\Roaming\Camdata.ini
    2014-01-31 16:05 - 2014-01-31 16:05 - 0000408 _____ () C:\Users\Joanna\AppData\Roaming\CamLayout.ini
    2014-01-31 16:05 - 2014-01-31 16:05 - 0000408 _____ () C:\Users\Joanna\AppData\Roaming\CamShapes.ini
    2014-01-31 16:05 - 2014-01-31 16:05 - 0004535 _____ () C:\Users\Joanna\AppData\Roaming\CamStudio.cfg
    2014-04-22 05:43 - 2014-04-28 17:05 - 0099384 _____ () C:\Users\Joanna\AppData\Roaming\inst.exe
    2014-04-22 05:43 - 2014-04-28 17:05 - 0007859 _____ () C:\Users\Joanna\AppData\Roaming\pcouffin.cat
    2014-04-22 05:43 - 2014-04-28 17:05 - 0001167 _____ () C:\Users\Joanna\AppData\Roaming\pcouffin.inf
    2014-04-22 05:43 - 2014-04-28 17:05 - 0000055 _____ () C:\Users\Joanna\AppData\Roaming\pcouffin.log
    2014-04-22 05:43 - 2014-04-28 17:05 - 0082816 _____ (VSO Software) C:\Users\Joanna\AppData\Roaming\pcouffin.sys
    2014-06-09 15:51 - 2014-06-09 15:51 - 0000097 _____ () C:\Users\Joanna\AppData\Roaming\settings.xml
    2014-01-31 15:57 - 2014-01-31 15:57 - 0000096 _____ () C:\Users\Joanna\AppData\Roaming\version2.xml
    2013-11-25 16:10 - 2015-02-03 00:27 - 0001704 _____ () C:\Users\Joanna\AppData\Local\Adobe Save for Web 13.0 Prefs
    2013-04-28 21:13 - 2014-05-31 21:54 - 0042496 _____ () C:\Users\Joanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-02 09:04 - 2014-03-02 09:04 - 0000218 _____ () C:\Users\Joanna\AppData\Local\recently-used.xbel
    2013-04-26 00:20 - 2013-04-26 00:20 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some content of TEMP:
    ====================
    C:\Users\Joanna\AppData\Local\Temp\bitool.dll
    C:\Users\Joanna\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Joanna\AppData\Local\Temp\EsgInstallerx64Stub.exe
    C:\Users\Joanna\AppData\Local\Temp\Extract.exe
    C:\Users\Joanna\AppData\Local\Temp\FreeAVIVideoConverter.exe
    C:\Users\Joanna\AppData\Local\Temp\FreeMP4VideoConverter.exe
    C:\Users\Joanna\AppData\Local\Temp\FreeStudio.exe
    C:\Users\Joanna\AppData\Local\Temp\mirc738.exe
    C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
    C:\Users\Joanna\AppData\Local\Temp\RSPUpgradeInstaller.exe
    C:\Users\Joanna\AppData\Local\Temp\SearchProtectionSetup.exe
    C:\Users\Joanna\AppData\Local\Temp\SP63259.exe
    C:\Users\Joanna\AppData\Local\Temp\sqlite3.dll
    C:\Users\Joanna\AppData\Local\Temp\tmd_34012003.exe
    C:\Users\Joanna\AppData\Local\Temp\tmd_34014077.exe
    C:\Users\Joanna\AppData\Local\Temp\tmd_34016468.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-03 17:02

    ==================== End Of Log ============================
  10. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
    Ran by Joanna at 2015-02-03 17:39:41
    Running from C:\Users\Joanna\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AppTrans 1.5.3 (HKLM-x32\...\{F0B50B3A-0C1F-43D8-BE9A-70ADFB473114}}_is1) (Version: 1.5.3 - iMobie Inc.)
    AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
    Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
    Free YouTube to MP3 Converter version 3.12.38.530 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)
    Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    GetFLV 9.6.7.8 (HKLM-x32\...\GetFLV_is1) (Version: - GetFLV, Inc.)
    Google Chrome (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
    HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
    HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{92E8BC5B-6023-4846-8151-415351A4FAFF}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
    iExplorer 3.2.4.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
    iWisoft Flash SWF to Video Converter 3.5 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.5.0 - www.flash-swf-converter.com)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
    Kid Pix 3D (HKLM-x32\...\InstallShield_{24C95DA6-8179-40D2-BAFB-5DC5D90B4FCB}) (Version: 2.21.289 - Software MacKiev)
    Kid Pix 3D (x32 Version: 2.21.289 - Software MacKiev) Hidden
    KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.128 - PandoraTV)
    LEGO Education WeDo Software v1.2 (HKLM-x32\...\{0CBEA767-D647-4F22-89F6-273D70EB0CE5}) (Version: 1.2.0 - LEGO Company)
    LJ-SecInstall (HKLM-x32\...\{6669F1CB-09D2-4850-B72D-D540B1069A41}) (Version: 1.0.2 - Jabil Circuit, Inc)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
    Opera Stable 27.0.1689.66 (HKLM-x32\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
    Roxio Activation Module (HKLM-x32\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
    Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
    Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
    Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
    Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
    Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
    Roxio Drag-to-Disc (HKLM\...\{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}) (Version: 9.1 - Roxio)
    Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Silhouette Studio (HKLM-x32\...\{36FB379E-8578-4987-B72E-68FBBCDD1CD2}) (Version: 3.1.417 - Silhouette America)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
    Streaming Video Recorder V4.3.8 (HKLM\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.3.8 - Apowersoft)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
    Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Video Download Capture version 4.9.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.0 - APOWERSOFT LIMITED)
    ViStart (HKLM-x32\...\ViStart) (Version: 8.1.0.5132 - Lee-Soft.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VSO Downloader 3.2.0.6 (HKLM-x32\...\{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1) (Version: 3.2.0.6 - VSO Software)
    VSO EVE Network Driver version 1.0.0.26 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.26 - VSO Software)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Migration Assistant (HKLM-x32\...\{8D38F2F7-5217-4773-95F8-19FECDC6B0C3}) (Version: 1.0.5.7 - Apple Inc.)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
    Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.1.0.20120222 - Xilisoft)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    18-01-2015 09:33:04 Windows Update
    22-01-2015 19:39:01 Windows Update
    28-01-2015 06:45:28 Windows Update
    02-02-2015 19:46:12 FF
    02-02-2015 20:44:32 Malwarebytes Anti-Rootkit Restore Point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 00:26 - 2014-03-02 21:18 - 00001973 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
    127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
    127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
    127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
    127.0.0.1 support.apowersoft.com
    127.0.0.1 www.apowersoft.com
    127.0.0.1 apowersoft.com


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {255DDA7E-F9AF-44C1-A3D4-A14C830BBF75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
    Task: {29304349-FA5C-40A6-BC3E-6067713BBB5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {38097089-EC9F-4A4F-ACC3-6A7BC1FC5392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {421A4AF3-9A1F-4C59-A6BD-02FC5422E889} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {516B1A0C-776A-40E5-A713-3B3E33EEE3DF} - System32\Tasks\Opera scheduled Autoupdate 1397778706 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-02] (Opera Software)
    Task: {6556A45F-AB2E-4139-B190-117C966E3779} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
    Task: {668B1650-6014-4ABA-9951-0BF3C5B95FD9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-07] (Synaptics Incorporated)
    Task: {6A78F76B-C856-465D-9256-0F656E284283} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
    Task: {7001A78D-D2A3-4BD8-9E8F-B666EF09DD57} - System32\Tasks\HPCeeScheduleForJoanna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {722B700C-33CD-48B2-B50E-BF342B03F82F} - System32\Tasks\{3B18762D-FD62-4CF8-AE5F-63B15A812A67} => pcalua.exe -a C:\Users\Joanna\Downloads\RemoteAccessHostXP.exe -d C:\Users\Joanna\Downloads
    Task: {72EC89B9-A3C3-4D47-8573-B9822F5D67CB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
    Task: {73D3DF68-16FB-4023-95D1-AF23C4D5F8E7} - System32\Tasks\{689FE945-6AA1-4506-BBAC-406CF3A5188D} => pcalua.exe -a "C:\Program Files\Apowersoft\Streaming Video Recorder\unins000.exe"
    Task: {7B427909-5913-4304-9AF2-E12FB9258792} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {7BDE6D77-2EB6-444F-9BE6-827561910C07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {8776D4C8-514D-408B-B98C-4EBDF0FB3179} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    Task: {8EA586B2-2716-454D-8B74-099565B481BB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001Core => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
    Task: {A6C46F3C-2D50-4790-880D-72B933241D8B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
    Task: {B8EF3738-4D29-41A6-9D16-4681A548E61D} - System32\Tasks\AdobeAAMUpdater-1.0-Newbie-Joanna => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
    Task: {C256E924-0A9F-49DD-A350-86E4AADCAA4A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001UA => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
    Task: {CE4B7AB5-0796-48C7-B7B1-310525B92613} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {D326E5ED-7315-421B-A417-376A7231710E} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
    Task: {DC9F0839-19A3-4017-99A7-236E9B2086EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
    Task: {FA32AF69-C19E-40C2-A472-9368EDCEE24C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001Core.job => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2802446628-2056013772-2352947291-1001UA.job => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoanna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-09-06 03:47 - 2012-09-06 03:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
    2013-06-07 04:16 - 2013-06-07 04:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
    2012-10-12 20:22 - 2012-10-12 20:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
    2013-11-19 22:10 - 2013-11-19 22:10 - 00120224 _____ () C:\Users\Joanna\AppData\Local\assembly\dl3\O7PQMR1O.G08\MV1X3Q90.3B5\8fd65b8c\00f33f28_e1a8cd01\HPItunesModule.DLL
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-03-29 01:54 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-02-01 22:47 - 2015-01-26 22:44 - 01117512 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
    2015-02-01 22:47 - 2015-01-26 22:44 - 00211272 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\40.0.2214.94\libegl.dll
    2015-02-01 22:47 - 2015-01-26 22:44 - 09171272 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll
    2015-02-01 22:47 - 2015-01-26 22:44 - 14913864 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "BCSSync"
    HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
    HKLM\...\StartupApproved\Run32: => "DivXUpdate"
    HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
    HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "GmailNotifierPro"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B50826638171B982A76266700AE576E6"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "iCloudDrive"
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\...\StartupApproved\Run: => "ApplePhotoStreams"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2802446628-2056013772-2352947291-500 - Administrator - Disabled)
    Guest (S-1-5-21-2802446628-2056013772-2352947291-501 - Limited - Disabled)
    Joanna (S-1-5-21-2802446628-2056013772-2352947291-1001 - Administrator - Enabled) => C:\Users\Joanna

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/03/2015 05:35:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ViStart.exe version 8.1.0.5132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: db0

    Start Time: 01d04000e53dea5c

    Termination Time: 4294967295

    Application Path: C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exe

    Report Id: e6d74e69-abf4-11e4-befd-bce90cc8b351

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (02/03/2015 05:39:13 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:38:43 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:38:13 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:37:43 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:37:13 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:36:43 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:36:13 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:35:42 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:35:12 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/03/2015 05:34:42 PM) (Source: DCOM) (EventID: 10010) (User: Newbie)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Microsoft Office Sessions:
    =========================
    Error: (02/03/2015 05:35:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: ViStart.exe8.1.0.5132db001d04000e53dea5c4294967295C:\Users\Joanna\AppData\Roaming\ViStart\ViStart.exee6d74e69-abf4-11e4-befd-bce90cc8b351


    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-03 17:03:48.877
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 08:04:45.969
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 07:36:30.010
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 07:36:29.881
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 07:36:29.745
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 07:36:29.551
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 07:36:29.429
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 07:36:29.305
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 07:36:28.389
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-02-03 07:36:28.199
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
    Percentage of memory in use: 17%
    Total physical RAM: 16280.28 MB
    Available physical RAM: 13403.04 MB
    Total Pagefile: 18712.28 MB
    Available Pagefile: 15252.68 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:669.38 GB) (Free:255.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:28.14 GB) (Free:3.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 40BEBE1B)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  12. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
    Ran by Joanna at 2015-02-03 20:40:39 Run:1
    Running from C:\Users\Joanna\Desktop
    Loaded Profiles: Joanna (Available profiles: Joanna)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    C:\Users\Joanna\AppData\Local\Temp\bitool.dll
    C:\Users\Joanna\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Joanna\AppData\Local\Temp\EsgInstallerx64Stub.exe
    C:\Users\Joanna\AppData\Local\Temp\Extract.exe
    C:\Users\Joanna\AppData\Local\Temp\FreeAVIVideoConverter.exe
    C:\Users\Joanna\AppData\Local\Temp\FreeMP4VideoConverter.exe
    C:\Users\Joanna\AppData\Local\Temp\FreeStudio.exe
    C:\Users\Joanna\AppData\Local\Temp\mirc738.exe
    C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
    C:\Users\Joanna\AppData\Local\Temp\RSPUpgradeInstaller.exe
    C:\Users\Joanna\AppData\Local\Temp\SearchProtectionSetup.exe
    C:\Users\Joanna\AppData\Local\Temp\SP63259.exe
    C:\Users\Joanna\AppData\Local\Temp\sqlite3.dll
    C:\Users\Joanna\AppData\Local\Temp\tmd_34012003.exe
    C:\Users\Joanna\AppData\Local\Temp\tmd_34014077.exe
    C:\Users\Joanna\AppData\Local\Temp\tmd_34016468.exe

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
    C:\Users\Joanna\AppData\Local\Temp\bitool.dll => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\EsgInstallerx64Stub.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\Extract.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\FreeAVIVideoConverter.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\FreeMP4VideoConverter.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\FreeStudio.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\mirc738.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\RSPUpgradeInstaller.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\SP63259.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\tmd_34012003.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\tmd_34014077.exe => Moved successfully.
    C:\Users\Joanna\AppData\Local\Temp\tmd_34016468.exe => Moved successfully.

    ==== End of Fixlog 20:40:42 ====
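    The Fixlog above pairs each fixlist directive with an outcome line, and a reviewer normally checks by eye that every directive actually produced a success. As an added example (not FRST's code and not part of the thread), the Python checker below reconciles the two sections automatically and flags directives with no outcome line and outcomes that are not successes; the sample log is built from the lines above plus one constructed failure line, and the wording "Could not move" is an assumption, not FRST's.

```python
"""Reconcile an FRST fixlist with the outcomes FRST wrote to Fixlog.txt.
Added example, not FRST's own code. Directive forms handled are the ones in
this thread's fixlist; any other form must match an outcome target exactly."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the Fixlog above. The "Could not move" line
# is a constructed failure (not FRST's wording) and the tmd_34016468.exe
# directive deliberately has no outcome line at all.
SAMPLE_FIXLOG = r"""
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2802446628-2056013772-2352947291-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
C:\Users\Joanna\AppData\Local\Temp\bitool.dll
C:\Users\Joanna\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Joanna\AppData\Local\Temp\tmd_34016468.exe
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
C:\Users\Joanna\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Joanna\AppData\Local\Temp\SearchProtectionSetup.exe => Could not move.
==== End of Fixlog 20:40:42 ====
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
HIVE_RE = re.compile(r"^(HKLM|HKCU|HKU)(-x32)?\\\.\.\.\\([^:]+):")


@dataclass
class FixReport:
    directives: list[str]
    outcomes: dict[str, str]                                     # target -> result text
    unmatched: list[str] = field(default_factory=list)           # directive with no outcome
    failed: list[tuple[str, str]] = field(default_factory=list)  # (target, result) not a success


def split_sections(text: str) -> tuple[list[str], dict[str, str]]:
    """Return the directive lines and the 'target => result' outcome lines."""
    directives, outcomes, separators = [], {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):      # the two ***** lines bracket the fixlist
            separators += 1
        elif not line or line.startswith("===="):
            continue
        elif separators == 1:
            directives.append(line)
        elif separators >= 2 and " => " in line:
            target, _, result = line.partition(" => ")
            outcomes[target.strip('"')] = result.rstrip(".")
    if separators < 2:
        raise ValueError("not a Fixlog: missing the two ***** separators")
    return directives, outcomes


def match_tokens(directive: str) -> list[str]:
    """Substrings an outcome target must all contain to count for this directive."""
    if re.match(r"^[A-Za-z]:\\", directive):    # bare path: FRST moves the file
        return [directive]
    if directive.startswith("SearchScopes:"):  # hive plus the SearchScopes key
        hive = directive.split(":", 1)[1].split("->")[0].strip()
        return [hive, "SearchScopes"]
    if directive.startswith("FF Plugin:"):     # MozillaPlugins registration name
        return [directive.split(":", 1)[1].split("->")[0].strip()]
    m = HIVE_RE.match(directive)               # HKLM-x32\...\Run: maps to WOW6432Node\...\Run\
    if m:
        tokens = [m.group(1)] + (["WOW6432Node"] if m.group(2) else [])
        return tokens + ["\\" + m.group(3) + "\\"]
    m = GUID_RE.search(directive)              # Toolbar/BHO style entries are keyed by CLSID
    if m:
        return [m.group(0)]
    return [directive]                         # unknown form: require an exact target


def reconcile(text: str) -> FixReport:
    """Flag directives without an outcome and outcomes that are not successes."""
    directives, outcomes = split_sections(text)
    report = FixReport(directives, outcomes)
    lowered = [t.lower() for t in outcomes]
    for d in directives:
        needles = [n.lower() for n in match_tokens(d)]
        if not any(all(n in t for n in needles) for t in lowered):
            report.unmatched.append(d)
    for target, result in outcomes.items():
        # "Key not found" is benign (entry already gone); other non-successes are flagged.
        if "successfully" not in result and "not found" not in result.lower():
            report.failed.append((target, result))
    return report


def summarize(report: FixReport) -> str:
    lines = [f"{len(report.directives)} directives, {len(report.outcomes)} outcome lines"]
    lines += [f"NO OUTCOME: {d}" for d in report.unmatched]
    lines += [f"NOT DONE:   {t} => {r}" for t, r in report.failed]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(reconcile(SAMPLE_FIXLOG)))
```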
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  14. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Results of screen317's Security Check version 0.99.96
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 25
    Java version 32-bit out of Date!
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader XI
    Mozilla Firefox (35.0.1)
    Google Chrome (40.0.2214.93)
    Google Chrome (40.0.2214.94)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  15. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Farbar Service Scanner Version: 17-01-2015
    Ran by Joanna (administrator) on 04-02-2015 at 21:16:24
    Running from "C:\Users\Joanna\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Sophos?
     
  17. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    It was going nowhere fast and I had to go to bed, so I will start it again now.
     
  18. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    2015-02-05 02:45:54.393 Sophos Virus Removal Tool version 2.5.4
    2015-02-05 02:45:54.393 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-02-05 02:45:54.393 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-02-05 02:45:54.393 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
    2015-02-05 02:45:54.393 Checking for updates...
    2015-02-05 02:45:54.409 Update progress: proxy server not available
    2015-02-05 02:46:01.555 Option all = no
    2015-02-05 02:46:01.555 Option recurse = yes
    2015-02-05 02:46:01.555 Option archive = no
    2015-02-05 02:46:01.555 Option service = yes
    2015-02-05 02:46:01.555 Option confirm = yes
    2015-02-05 02:46:01.555 Option sxl = yes
    2015-02-05 02:46:01.555 Option max-data-age = 35
    2015-02-05 02:46:01.555 Option EnableSafeClean = yes
    2015-02-05 02:46:02.771 Downloading updates...
    2015-02-05 02:46:02.771 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-02-05 02:46:02.771 Update progress: [I49502] Found supplement IDE514 LATEST
    2015-02-05 02:46:02.771 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-02-05 02:46:02.771 Update progress: [I19463] Syncing product SAVIW32 49
    2015-02-05 02:46:08.612 Update progress: [I19463] Syncing product IDE511 170
    2015-02-05 02:46:11.394 Installing updates...
    2015-02-05 02:46:13.880 Option vdl-logging = yes
    2015-02-05 02:46:14.482 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-05 02:46:14.482 Machine ID: 165a31a524264af5996f79521d7bb7dc
    2015-02-05 02:46:14.482 Component SVRTcli.exe version 2.5.4
    2015-02-05 02:46:14.482 Component control.dll version 2.5.4
    2015-02-05 02:46:14.482 Component SVRTservice.exe version 2.5.4
    2015-02-05 02:46:14.482 Component engine\osdp.dll version 1.44.1.2183
    2015-02-05 02:46:14.482 Component engine\veex.dll version 3.58.3.2183
    2015-02-05 02:46:14.482 Component engine\savi.dll version 8.1.5.2183
    2015-02-05 02:46:14.482 Component rkdisk.dll version 1.5.30.0
    2015-02-05 02:46:14.482 Version info: Product version 2.5.4
    2015-02-05 02:46:14.483 Version info: Detection engine 3.58.3
    2015-02-05 02:46:14.483 Version info: Detection data 5.10
    2015-02-05 02:46:14.483 Version info: Build date 1/6/2015
    2015-02-05 02:46:14.483 Version info: Data files added 342
    2015-02-05 02:46:14.483 Version info: Last successful update (not yet updated)
    2015-02-05 02:46:14.483 Error level 1
    2015-02-05 02:46:14.495 Update progress: [I19463] Syncing product IDE512 166
    2015-02-05 02:46:14.495 Update progress: [I19463] Syncing product IDE513 11
    2015-02-05 02:46:14.495 Update progress: [I19463] Syncing product IDE514 1
    2015-02-05 02:46:57.279 Update successful
    2015-02-05 02:47:12.827 Option all = no
    2015-02-05 02:47:12.827 Option recurse = yes
    2015-02-05 02:47:12.827 Option archive = no
    2015-02-05 02:47:12.827 Option service = yes
    2015-02-05 02:47:12.827 Option confirm = yes
    2015-02-05 02:47:12.827 Option sxl = yes
    2015-02-05 02:47:12.828 Option max-data-age = 35
    2015-02-05 02:47:12.828 Option EnableSafeClean = yes
    2015-02-05 02:47:13.124 Option vdl-logging = yes
    2015-02-05 02:47:13.190 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-05 02:47:13.190 Machine ID: 165a31a524264af5996f79521d7bb7dc
    2015-02-05 02:47:13.191 Component SVRTcli.exe version 2.5.4
    2015-02-05 02:47:13.191 Component control.dll version 2.5.4
    2015-02-05 02:47:13.191 Component SVRTservice.exe version 2.5.4
    2015-02-05 02:47:13.191 Component engine\osdp.dll version 1.44.1.2183
    2015-02-05 02:47:13.191 Component engine\veex.dll version 3.58.3.2183
    2015-02-05 02:47:13.191 Component engine\savi.dll version 8.1.5.2183
    2015-02-05 02:47:13.192 Component rkdisk.dll version 1.5.30.0
    2015-02-05 02:47:13.192 Version info: Product version 2.5.4
    2015-02-05 02:47:13.192 Version info: Detection engine 3.58.3
    2015-02-05 02:47:13.192 Version info: Detection data 5.10G
    2015-02-05 02:47:13.192 Version info: Build date 1/6/2015
    2015-02-05 02:47:13.192 Version info: Data files added 342
    2015-02-05 02:47:13.192 Version info: Last successful update 2/4/2015 9:46:57 PM

    2015-02-05 03:29:15.756 SafeClean bin directory is empty.
    2015-02-05 03:29:15.757 Error level 0

    2015-02-05 03:29:15.916 Scan cancelled by user.
    2015-02-05 03:29:15.916

    ------------------------------------------------------------

    2015-02-05 21:50:33.566 Sophos Virus Removal Tool version 2.5.4
    2015-02-05 21:50:33.566 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-02-05 21:50:33.566 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-02-05 21:50:33.566 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
    2015-02-05 21:50:33.567 Checking for updates...
    2015-02-05 21:50:33.576 Update progress: proxy server not available
    2015-02-05 21:50:44.524 Option all = no
    2015-02-05 21:50:44.524 Option recurse = yes
    2015-02-05 21:50:44.524 Option archive = no
    2015-02-05 21:50:44.524 Option service = yes
    2015-02-05 21:50:44.524 Option confirm = yes
    2015-02-05 21:50:44.524 Option sxl = yes
    2015-02-05 21:50:44.526 Option max-data-age = 35
    2015-02-05 21:50:44.526 Option EnableSafeClean = yes
    2015-02-05 21:50:45.126 Option vdl-logging = yes
    2015-02-05 21:50:45.132 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-05 21:50:45.132 Machine ID: 165a31a524264af5996f79521d7bb7dc
    2015-02-05 21:50:45.240 Component SVRTcli.exe version 2.5.4
    2015-02-05 21:50:45.240 Component control.dll version 2.5.4
    2015-02-05 21:50:45.240 Component SVRTservice.exe version 2.5.4
    2015-02-05 21:50:45.240 Component engine\osdp.dll version 1.44.1.2183
    2015-02-05 21:50:45.240 Component engine\veex.dll version 3.58.3.2183
    2015-02-05 21:50:45.241 Component engine\savi.dll version 8.1.5.2183
    2015-02-05 21:50:45.312 Component rkdisk.dll version 1.5.30.0
    2015-02-05 21:50:45.312 Version info: Product version 2.5.4
    2015-02-05 21:50:45.313 Version info: Detection engine 3.58.3
    2015-02-05 21:50:45.313 Version info: Detection data 5.10G
    2015-02-05 21:50:45.313 Version info: Build date 1/6/2015
    2015-02-05 21:50:45.313 Version info: Data files added 342
    2015-02-05 21:50:45.313 Version info: Last successful update 2/4/2015 9:46:57 PM
    2015-02-05 21:50:46.530 Downloading updates...
    2015-02-05 21:50:46.531 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-02-05 21:50:46.531 Update progress: [I49502] Found supplement IDE514 LATEST
    2015-02-05 21:50:46.531 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-02-05 21:50:46.531 Update progress: [I19463] Syncing product SAVIW32 49
    2015-02-05 21:50:46.531 Update progress: [I19463] Syncing product IDE511 170
    2015-02-05 21:50:48.474 Update progress: [I19463] Syncing product IDE512 166
    2015-02-05 21:50:48.474 Update progress: [I19463] Syncing product IDE513 16
    2015-02-05 21:50:48.778 Installing updates...
    2015-02-05 21:50:49.382 Error level 1
    2015-02-05 21:50:49.593 Update progress: [I19463] Syncing product IDE514 1
    2015-02-05 21:50:49.680 Update successful
    2015-02-05 21:51:01.033 Option all = no
    2015-02-05 21:51:01.033 Option recurse = yes
    2015-02-05 21:51:01.033 Option archive = no
    2015-02-05 21:51:01.034 Option service = yes
    2015-02-05 21:51:01.034 Option confirm = yes
    2015-02-05 21:51:01.034 Option sxl = yes
    2015-02-05 21:51:01.036 Option max-data-age = 35
    2015-02-05 21:51:01.036 Option EnableSafeClean = yes
    2015-02-05 21:51:01.292 Option vdl-logging = yes
    2015-02-05 21:51:01.299 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-05 21:51:01.299 Machine ID: 165a31a524264af5996f79521d7bb7dc
    2015-02-05 21:51:01.300 Component SVRTcli.exe version 2.5.4
    2015-02-05 21:51:01.300 Component control.dll version 2.5.4
    2015-02-05 21:51:01.300 Component SVRTservice.exe version 2.5.4
    2015-02-05 21:51:01.300 Component engine\osdp.dll version 1.44.1.2183
    2015-02-05 21:51:01.300 Component engine\veex.dll version 3.58.3.2183
    2015-02-05 21:51:01.300 Component engine\savi.dll version 8.1.5.2183
    2015-02-05 21:51:01.301 Component rkdisk.dll version 1.5.30.0
    2015-02-05 21:51:01.301 Version info: Product version 2.5.4
    2015-02-05 21:51:01.301 Version info: Detection engine 3.58.3
    2015-02-05 21:51:01.301 Version info: Detection data 5.10G
    2015-02-05 21:51:01.301 Version info: Build date 1/6/2015
    2015-02-05 21:51:01.301 Version info: Data files added 347
    2015-02-05 21:51:01.301 Version info: Last successful update 2/5/2015 4:50:49 PM

    2015-02-05 23:54:34.723 Could not open C:\hiberfil.sys
    2015-02-05 23:54:41.284 Could not open C:\pagefile.sys
    2015-02-06 00:11:13.526 Could not open C:\swapfile.sys
    2015-02-06 00:13:46.284 Could not open C:\System Volume Information\{0c184c8d-aae9-11e4-befa-6c3be58a64ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-06 00:13:46.285 Could not open C:\System Volume Information\{0c184d37-aae9-11e4-befa-6c3be58a64ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-06 00:13:46.285 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-06 00:13:46.286 Could not open C:\System Volume Information\{af3ae6e4-acdb-11e4-befe-bb8bff3ebf9b}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-06 00:14:28.809 Could not open C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2015-02-06 00:14:28.811 Could not open C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    2015-02-06 00:14:29.162 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-02-06 00:14:29.172 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-02-06 00:14:34.369 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
    2015-02-06 00:14:36.126 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\LOCK (virus scan failed)
    2015-02-06 00:14:36.278 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dhdgffkkebhmkfjojejmpbldmpobfkfo\LOCK (virus scan failed)
    2015-02-06 00:14:36.286 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpfgeeomkfdefkckijiabdbogjkdaecd\LOCK (virus scan failed)
    2015-02-06 00:14:36.295 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpdjojdkbbmdfjfahjcgigfpmkopogic\LOCK (virus scan failed)
    2015-02-06 00:14:36.307 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-02-06 00:15:02.463 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-02-06 00:15:02.605 Could not check C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\immhpnclomdloikkpcefncmfgjbkojmh\LOCK (virus scan failed)
    2015-02-06 00:37:40.580 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-02-06 00:37:40.582 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-02-06 00:37:45.348 Could not open C:\Windows\System32\config\BBI
    2015-02-06 00:37:45.649 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-02-06 00:37:45.653 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-02-06 00:37:45.654 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-02-06 00:37:45.657 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-02-06 00:37:45.659 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-02-06 00:46:43.191 >>> Virus 'Mal/VMProtBad-A' found in file C:\Windows\SysWOW64\regsvc.dll
    2015-02-06 00:46:43.192 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-02-06 00:46:43.192 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-2802446628-2056013772-2352947291-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-02-06 00:58:05.789 The following items will be cleaned up:
    2015-02-06 00:58:05.789 Mal/VMProtBad-A
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    You need to update only the 32-bit version. The 64-bit version is up to date.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    =====================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, reset restore points (so you won't get reinfected by accidentally using some older restore point) and make some other minor adjustments...
    This is a very crucial step, so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished, a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  20. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    I'm still infected :(
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Explain. I'm not there.
     
  22. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Here's a picture. When I click anywhere, 5 ads open up. I circled where it says 'ads by info'.

    [​IMG]
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Which browser?
     
  24. fan1bsb97

    fan1bsb97 TS Enthusiast Topic Starter Posts: 150

    Firefox
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344
