TechSpot

Keep getting stupid shopping malware installed

By Dale Ferrier
Feb 7, 2015
  1. I have obviously gotten some kind of trojan or something. This all started when I stupidly tried to install a cheat for a game. The installer kept going for a long time and I realized something was up so I killed it and then after a few days all these shopping popups started appearing in firefox.

    They had been installed as both running software which I removed from programs and features and also as plugins in firefox which I also removed.

    I have used two different malware removers which take all installed software off but then after a day or so they begin appearing again.

    Here are the logs from the malware removal instructions:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/7/2015
    Scan Time: 1:55:27 PM
    Logfile: my_scan_150207.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.07.08
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: dferrier

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 404089
    Time Elapsed: 20 min, 25 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.MiniAdblocker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [515358c3eb9fba7cf590e294df245ca4],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.MiniAdblocker.A, C:\ProgramData\Mini - Adblocker, Quarantined, [515358c3eb9fba7cf590e294df245ca4],

    Files: 1
    PUP.Optional.MiniAdblocker.A, C:\ProgramData\Mini - Adblocker\Mini - Adblocker.exe, Quarantined, [515358c3eb9fba7cf590e294df245ca4],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    AccelerometerP11
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe CS6 Design and Web Premium
    Adobe Download Assistant
    Adobe Flash Player 16 NPAPI
    Adobe Help Manager
    Adobe Photoshop Lightroom 3.6 64-bit
    Adobe Reader XI (11.0.01)
    Adobe Refresh Manager
    Adobe Story
    Adobe Widget Browser
    Adobe® Content Viewer
    Advanced Audio FX Engine
    AFPL Ghostscript 8.54
    AFPL Ghostscript Fonts
    ANT Drivers Installer x64
    Apple Application Support
    AudibleManager
    Audiograbber 1.83 SE
    Audiograbber MP3 Plugin (64 bit)
    BioShock 2
    Bonjour
    Canon MX920 series MP Drivers
    ColorMunki Photo 1.1.1
    CompanionLink
    Complete Gun Inventory Clerk Pro 7
    Creative Pack Volume 1
    CyberLink LabelPrint 2.5
    CyberLink Media Suite 10
    CyberLink Power2Go 8
    CyberLink PowerDirector 10
    CyberLink PowerDirector 12
    CyberLink PowerDVD 10
    dBpoweramp DirectShow Decoder
    dBpoweramp DSP Effects
    dBpoweramp Music Converter
    dBPowerAMP Real Audio (Helix) Encoder
    DDC Driver 1.5
    Dell Edoc Viewer
    Deponia
    Dillon XL650
    DivX Setup
    Driver Fusion Premium
    DVD Shrink 3.2
    Elevated Installer
    FastRawViewer x64 1.0.4.530
    FileZilla Client 3.8.0
    Filmmaker's Toolkit for Studio
    FLV to MP3 Converter 2.2.2.0
    Font Viewer 2.0
    Garmin Communicator Plugin
    Garmin Communicator Plugin x64
    Garmin Express
    Garmin Express Tray
    Garmin Training Center
    Garmin Training Center 3.4.3
    Getting Started with Avid Studio MULTILINGUAL
    Getting Started with the new Pinnacle Studio MULTILINGUAL
    GoldWave v5.69
    Google Update Helper
    HandBrake 0.9.9.1
    Hollywood FX Volumes 1-3
    ImgBurn
    Indeo® Software
    Instant JPEG From RAW
    Intel PROSet Wireless
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Turbo Boost Technology Monitor 2.0
    Intel(R) WiDi
    Intel(R) Wireless Display
    Intel® PROSet/Wireless WiFi Software
    iTunes
    Java 7 Update 71
    Java Auto Updater
    K-Lite Codec Pack 8.9.2 (Full)
    Knoll Light Factory EZ Studio 15
    Kolor Autopano Pro 2.6
    License Support
    LIMBO
    Logitech Gaming Software
    LRTimelapse 3.4.1
    Magic Bullet Looks Studio 15
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 2.0.4.1028
    Mandelbulber
    McAfee Security Scan Plus
    MDF to ISO version 1.0
    MediaInfo 0.7.65
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 SDK
    Microsoft .NET Framework 4.5.1
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
    Microsoft Help Viewer 2.0
    Microsoft Help Viewer 2.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio Team Foundation Server 2012 Object Model
    Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Motion Graphics Toolkit for Studio
    Mozilla Firefox 35.0.1 (x86 en-US)
    MPC-HC 1.7.6
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MuseScore 1.3
    NewBlue Video Essentials for PowerDirector
    NVIDIA Control Panel 285.77
    NVIDIA HD Audio Driver 1.2.24.0
    NVIDIA Install Application
    NVIDIA Optimus 1.5.21
    NVIDIA PhysX
    NVIDIA Update Components
    ODIR
    PC Study Bible (remove only)
    PDF Password Remover v3.1
    PDF Printer Pro v1.3
    PDF Settings CS6
    Perfect Photo Suite 6.1
    Photomatix Pro version 5.0.5a
    Pinnacle Studio 15
    Pinnacle Studio 15 Ultimate Collection Plugins
    Pinnacle Studio 16
    Pinnacle Studio 16 - Install Manager
    Pinnacle Studio 16 - Standard Content Pack
    Pinnacle Studio Bonus Content
    Pinnacle Video Driver
    PL-2303 USB-to-Serial
    PlayReady PC Runtime x86
    Portrait Professional Studio 10.6
    PRE10STI64Installer
    Premium Pack Volumes 1-2
    Prerequisites for SSDT
    PxMergeModule
    Quickset64
    QuickTime
    Realtek High Definition Audio Driver
    Red Giant ToonIt Studio 15
    Renesas Electronics USB 3.0 Host Controller Driver
    SAMSUNG USB Driver for Mobile Phones
    ScoreFitter Volumes 1-2
    SDK
    Security Task Manager 1.8c
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    SmartSound Common Data
    SmartSound Quicktracks 5
    Snagit 11
    Sound Blaster X-Fi MB
    SpamBayes 1.1a6
    SportTracks 3.1
    Steam
    Still Life
    StreamTorrent 1.0
    SureThing Disc Labeler Deluxe
    Synaptics Pointing Device Driver
    Title Extreme
    Total Recorder 8.2
    Transistor
    Trapcode 3DStroke Studio 15
    Trapcode Particular Studio
    Trapcode Shine Studio 15
    True Launch Bar
    UltraEdit
    UninstallDeviceDll 1.1
    Universal Adb Driver
    Update for (KB2504637)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    Visual C++ 64-bit Redistributables
    Visual C++ Redistributables
    VLC media player 2.1.3
    VOB2MPG v3
    Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
    Windows Live ID Sign-in Assistant
    WinRAR archiver
    Wondershare Video Converter Ultimate(Build 7.1.3.3)
    X-Rite Device ColorMunki Service
    X-Rite Device Manager
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.71.2
    Run by dferrier at 14:25:50 on 2015-02-07
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uSearch Bar = Preserve
    mStart Page = www.google.com
    uWinlogon: Shell = -
    mWinlogon: Userinit = userinit.exe,
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll
    BHO: 50COauPonns: {5426d494-2d8f-4c5a-98fd-8abc2fc2240d} - C:\Program Files (x86)\50COauPonns\TzroCyYMSyMeeI.dll
    BHO: GirreatSavee4U: {c26a5ded-a57b-43e1-be18-ad1c8361efe0} - C:\Program Files (x86)\GirreatSavee4U\bsFElqYSiFdRkK.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [AdobeBridge] <no file>
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    dRun: [Reasonable NoClone] "C:\Program Files (x86)\Reasonable NoClone 2011 Enterprise\NoClone.exe" null /startup
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: EnableUIPI = dword:1
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: dell.com
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{BD2D18FB-1FBF-413C-94DD-79A3E1FE2F06} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{BD2D18FB-1FBF-413C-94DD-79A3E1FE2F06}\1443358303 : DHCPNameServer = 192.168.1.1 68.238.96.12
    TCP: Interfaces\{BD2D18FB-1FBF-413C-94DD-79A3E1FE2F06}\4416973794E6E67596669664F62764275656 : DHCPNameServer = 4.2.2.2 4.2.2.3
    TCP: Interfaces\{BD2D18FB-1FBF-413C-94DD-79A3E1FE2F06}\44443556276756271405 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{BD2D18FB-1FBF-413C-94DD-79A3E1FE2F06}\7597E6468616D602255637F6274737 : DHCPNameServer = 24.223.107.5 24.72.200.5
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - <orphaned>
    AppInit_DLLs= c:\windows\syswow64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
    x64-BHO: 50COauPonns: {5426d494-2d8f-4c5a-98fd-8abc2fc2240d} - C:\Program Files (x86)\50COauPonns\TzroCyYMSyMeeI.x64.dll
    x64-BHO: GirreatSavee4U: {c26a5ded-a57b-43e1-be18-ad1c8361efe0} - C:\Program Files (x86)\GirreatSavee4U\bsFElqYSiFdRkK.x64.dll
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\bzysztwx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchoholic.info/?pid=21858&r=2015/01/02&hid=2024647092360809010&lg=EN&cc=US&unqvl=72&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\bzysztwx.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\Uedit32.exe="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1" [UserChoice]
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
    ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 10\PortraitProfessionalStudio.exe" /P "%1"
    .
    =============== Created Last 30 ================
    .
    2015-02-07 19:31:20 -------- d-----w- C:\Program Files (x86)\NickelBlock
    2015-02-07 19:31:18 -------- d-----w- C:\Program Files (x86)\GRaeatSaavE4U
    2015-02-07 19:31:11 -------- d-----w- C:\Program Files (x86)\50COauPonns
    2015-02-06 19:40:31 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E62312D-3891-4C4B-9488-CEEB3FCC1D97}\mpengine.dll
    2015-02-06 14:17:40 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-02-05 18:24:38 -------- d-----w- C:\Users\dferrier\AppData\Roaming\Athentech
    2015-02-05 18:24:35 -------- d-----w- C:\Program Files\Athentech
    2015-02-03 22:22:45 -------- d-----w- C:\Users\dferrier\AppData\Local\LibRaw LLC
    2015-02-03 22:22:36 -------- d-----w- C:\Program Files\LibRaw
    2015-01-31 23:43:34 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2015-01-31 23:43:29 -------- d-----w- C:\Program Files\McAfee Security Scan
    2015-01-31 12:22:05 -------- d-----w- C:\Program Files (x86)\DiScounttExitEnsii
    2015-01-31 12:22:03 -------- d-----w- C:\Program Files (x86)\NBA Live News
    2015-01-31 12:21:58 -------- d-----w- C:\Program Files (x86)\GirreatSavee4U
    2015-01-23 06:30:49 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92762E6E-7F7C-443D-B16D-494C84DB1F9A}\gapaengine.dll
    2015-01-17 02:53:44 -------- d-----w- C:\Users\dferrier\AppData\Roaming\Avg_Update_1014av
    2015-01-17 02:53:29 -------- d-----w- C:\ProgramData\Avg_Update_1014av
    2015-01-17 02:49:07 -------- d-----w- C:\Users\dferrier\AppData\Roaming\TuneUp Software
    2015-01-17 02:43:20 -------- d--h--w- C:\ProgramData\Common Files
    2015-01-17 02:43:19 -------- d-----w- C:\Users\dferrier\AppData\Local\MFAData
    2015-01-17 02:43:19 -------- d-----w- C:\ProgramData\MFAData
    2015-01-17 02:35:37 -------- d-----w- C:\ProgramData\DiSCCountExtaensi
    2015-01-17 02:29:13 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-01-17 02:28:59 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2015-01-17 02:28:59 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2015-01-17 02:28:59 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2015-01-17 02:28:59 -------- d-----w- C:\ProgramData\Malwarebytes
    2015-01-17 02:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-17 02:20:16 -------- d-----w- C:\Program Files (x86)\NNetoCoouupon
    2015-01-17 02:20:13 -------- d-----w- C:\Program Files (x86)\RAnDommPRice
    2015-01-17 02:15:23 -------- d-----w- C:\Program Files (x86)\RelayAppend
    2015-01-16 12:14:50 -------- d-----w- C:\ProgramData\EaxsttraSSaviings
    2015-01-15 14:40:31 82112 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2015-01-15 14:40:31 202560 ----a-w- C:\Windows\System32\drivers\ssudserd.sys
    2015-01-15 14:40:31 202560 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2015-01-14 04:16:24 -------- d-----w- C:\ProgramData\RAnDommPRice
    2015-01-12 03:35:19 -------- d-----w- C:\Users\dferrier\AppData\Roaming\chc
    2015-01-12 03:21:50 -------- d-----w- C:\Program Files\PhotomatixPro5
    2015-01-11 02:11:39 -------- d-----w- C:\Users\dferrier\AppData\Roaming\DslrDashboard
    2015-01-11 02:06:44 -------- d-----w- C:\Program Files (x86)\qdslrdashboard windows
    2015-01-09 22:25:13 -------- d-----w- C:\ProgramData\GreoatSuavoe4U
    2015-01-09 22:24:54 -------- d-----w- C:\ProgramData\NNetoCoouupon
    2015-01-09 06:34:51 -------- d-----w- C:\ProgramData\81154615f828cc82
    2015-01-09 00:00:07 -------- d-----w- C:\Users\dferrier\AppData\Roaming\LRTimelapse
    2015-01-08 23:55:31 -------- d-----w- C:\Program Files (x86)\LRTimelapse 3
    .
    ==================== Find3M ====================
    .
    2015-02-06 19:34:21 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-06 19:34:21 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-02-02 22:03:16 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
    2014-12-16 15:53:53 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2008-03-19 21:50:26 97280 ----a-w- C:\Program Files (x86)\Common Files\pcsbClean.exe
    2008-03-07 01:31:44 134656 ----a-w- C:\Program Files (x86)\Common Files\PCSBoff.exe
    .
    ============= FINISH: 14:26:51.57 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    Ran Roguekiller with the following log.

    Also ran mbar but did not find any root kits.

    -----------------------
    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : dferrier [Administrator]
    Mode : Delete -- Date : 02/07/2015 19:23:04

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 9 ¤¤¤
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4216624398-3978261930-1395381454-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4216624398-3978261930-1395381454-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] c4d441a27258bc95be2bbf548713c1b2
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] c4d441a27258bc95be2bbf548713c1b2
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]

    +++++ PhysicalDrive1: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_02072015_192151.log
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  5. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    Ok ran Comcofix:

    ComboFix 15-02-08.01 - dferrier 02/08/2015 18:50:46.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8086.5328 [GMT -6:00]
    Running from: c:\users\dferrier\Desktop\ComboFix.exe
    .
    ADS - Windows: deleted 256 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\50COauPonns
    c:\program files (x86)\50COauPonns\TzroCyYMSyMeeI.dat
    c:\program files (x86)\50COauPonns\TzroCyYMSyMeeI.dll
    c:\program files (x86)\50COauPonns\TzroCyYMSyMeeI.tlb
    c:\program files (x86)\50COauPonns\TzroCyYMSyMeeI.x64.dll
    c:\program files (x86)\GirreatSavee4U
    c:\program files (x86)\GirreatSavee4U\bsFElqYSiFdRkK.dat
    c:\program files (x86)\GirreatSavee4U\bsFElqYSiFdRkK.dll
    c:\program files (x86)\GirreatSavee4U\bsFElqYSiFdRkK.tlb
    c:\program files (x86)\GirreatSavee4U\bsFElqYSiFdRkK.x64.dll
    c:\programdata\81154615f828cc82
    c:\programdata\81154615f828cc82\{317D8BB4-16C3-CFBD-3777-AED69667DA46}.20150116202016
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150116201506
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127145823
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127145840
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127145855
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127145935
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127145940
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127145942
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127145944
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127145946
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127150010
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127150025
    c:\programdata\81154615f828cc82\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}.20150127215352
    c:\programdata\81154615f828cc82\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}.20150116202013
    c:\programdata\81154615f828cc82\{B138259A-351E-33FA-2726-8D71704F1DA9}.20150116204701
    c:\programdata\81154615f828cc82\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}.20150116201417
    c:\programdata\81154615f828cc82\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}.20150116204659
    c:\programdata\81154615f828cc82\{F1422DAA-0829-09A1-7536-73936CAB8FFA}.20150127145908
    c:\programdata\81154615f828cc82\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}.20150127145912
    c:\programdata\81154615f828cc82\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}.20150127145926
    c:\programdata\81154615f828cc82\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}.20150127145928
    c:\programdata\81154615f828cc82\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}.20150127145932
    c:\programdata\81154615f828cc82\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}.20150127150012
    c:\programdata\81154615f828cc82\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}.20150127150028
    c:\programdata\81154615f828cc82\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}.20150127215403
    c:\programdata\81154615f828cc82\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}.20150127215430
    c:\programdata\81154615f828cc82\07870b539a388c2b1c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\23a9763700316e4a1c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\2a0b23fa8d6e74d41c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\465f8e59c1c2d7741c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\48b7d16c1455ab251c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\4ab07dd0adbafc361c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\508d37f1a64d63af1c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\60b6132765a7b0ab1c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\62dd3921369ec2f61c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\769e86b727e42adb1c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\8c84dcdc46445dd61c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\a7739f6d0875f7b01c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\a99a93cd45c8f6c11c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\c639ec01ae8d99a91c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\f392fc60cfeefae41c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\f6f6eb7fa6ec98571c18fdcdafb18a32.ini
    c:\programdata\81154615f828cc82\ff9a431c660967481c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418
    c:\programdata\9301417665575308418\0f839359446eec4c1c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\2a0b23fa8d6e74d41c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\465f8e59c1c2d7741c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\60b6132765a7b0ab1c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\8452e691c1478e9a1c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\8c84dcdc46445dd61c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\a4972f3d267d78571c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\c639ec01ae8d99a91c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\cd5b15e575e1c3d01c18fdcdafb18a32.ini
    c:\programdata\9301417665575308418\f392fc60cfeefae41c18fdcdafb18a32.ini
    c:\programdata\Roaming
    c:\users\dferrier\AppData\Local\assembly\tmp
    c:\users\dferrier\Documents\CybBC8B.tmp
    c:\users\dferrier\GoToAssistDownloadHelper.exe
    c:\users\dferrier\libaacs.dll
    c:\windows\DellClick2Fix+_DownloadManager-0.bin
    c:\windows\msdownld.tmp
    M:\Autorun.inf
    M:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-09 to 2015-02-09 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-09 01:02 . 2015-02-09 01:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2015-02-09 01:02 . 2015-02-09 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-09 00:48 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8308F75B-40DA-46C7-AF51-9797CEB3A92C}\mpengine.dll
    2015-02-08 03:11 . 2015-02-08 03:11 -------- d-----w- c:\programdata\ALM
    2015-02-08 03:03 . 2015-02-08 03:03 -------- d-----w- C:\adobeTemp
    2015-02-08 01:29 . 2015-02-08 01:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-02-08 01:17 . 2015-02-08 01:17 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-08 01:17 . 2015-02-08 01:17 -------- d-----w- c:\programdata\RogueKiller
    2015-02-07 20:43 . 2015-02-07 21:00 -------- d-----w- c:\programdata\Nalpeiron
    2015-02-07 20:43 . 2015-02-07 20:43 -------- d-----w- c:\program files (x86)\Athentech
    2015-02-07 20:36 . 2014-09-16 22:13 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C9DAF01-82AE-413D-8E56-D0BC511F3E4B}\gapaengine.dll
    2015-02-07 20:29 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-02-07 19:31 . 2015-02-07 19:32 -------- d-----w- c:\program files (x86)\NickelBlock
    2015-02-07 19:31 . 2015-02-07 19:32 -------- d-----w- c:\program files (x86)\GRaeatSaavE4U
    2015-02-05 18:24 . 2015-02-07 21:00 -------- d-----w- c:\users\dferrier\AppData\Roaming\Athentech
    2015-02-05 18:24 . 2015-02-07 20:43 -------- d-----w- c:\program files\Athentech
    2015-02-03 22:22 . 2015-02-03 22:22 -------- d-----w- c:\users\dferrier\AppData\Local\LibRaw LLC
    2015-02-03 22:22 . 2015-02-03 22:22 -------- d-----w- c:\program files\LibRaw
    2015-01-31 23:43 . 2015-01-31 23:43 -------- d-----w- c:\programdata\McAfee Security Scan
    2015-01-31 23:43 . 2015-01-31 23:43 -------- d-----w- c:\program files\McAfee Security Scan
    2015-01-31 12:22 . 2015-01-31 12:22 -------- d-----w- c:\program files (x86)\DiScounttExitEnsii
    2015-01-31 12:22 . 2015-01-31 12:22 -------- d-----w- c:\program files (x86)\NBA Live News
    2015-01-17 02:53 . 2015-01-17 02:53 -------- d-----w- c:\users\dferrier\AppData\Roaming\Avg_Update_1014av
    2015-01-17 02:53 . 2015-01-17 02:53 -------- d-----w- c:\programdata\Avg_Update_1014av
    2015-01-17 02:49 . 2015-01-17 02:49 -------- d-----w- c:\users\dferrier\AppData\Roaming\TuneUp Software
    2015-01-17 02:43 . 2015-01-17 02:43 -------- d--h--w- c:\programdata\Common Files
    2015-01-17 02:43 . 2015-01-18 03:16 -------- d-----w- c:\programdata\MFAData
    2015-01-17 02:43 . 2015-01-17 02:43 -------- d-----w- c:\users\dferrier\AppData\Local\MFAData
    2015-01-17 02:35 . 2015-01-17 23:01 -------- d-----w- c:\programdata\DiSCCountExtaensi
    2015-01-17 02:29 . 2015-02-08 01:29 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-17 02:28 . 2015-02-08 01:28 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-17 02:28 . 2015-01-17 02:29 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-01-17 02:28 . 2015-01-17 02:28 -------- d-----w- c:\programdata\Malwarebytes
    2015-01-17 02:28 . 2014-11-21 12:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-01-17 02:28 . 2014-11-21 12:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-01-17 02:20 . 2015-01-17 02:20 -------- d-----w- c:\program files (x86)\NNetoCoouupon
    2015-01-17 02:20 . 2015-01-17 02:20 -------- d-----w- c:\program files (x86)\RAnDommPRice
    2015-01-17 02:15 . 2015-01-17 02:15 -------- d-----w- c:\program files (x86)\RelayAppend
    2015-01-16 12:14 . 2015-01-17 23:00 -------- d-----w- c:\programdata\EaxsttraSSaviings
    2015-01-15 14:40 . 2011-02-18 04:47 82112 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2015-01-15 14:40 . 2011-02-18 04:47 202560 ----a-w- c:\windows\system32\drivers\ssudserd.sys
    2015-01-15 14:40 . 2011-02-18 04:47 202560 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2015-01-14 04:16 . 2015-01-17 23:00 -------- d-----w- c:\programdata\RAnDommPRice
    2015-01-12 03:35 . 2015-01-12 03:35 -------- d-----w- c:\users\dferrier\AppData\Roaming\chc
    2015-01-12 03:21 . 2015-01-12 03:21 -------- d-----w- c:\program files\PhotomatixPro5
    2015-01-11 02:11 . 2015-01-30 01:12 -------- d-----w- c:\users\dferrier\AppData\Roaming\DslrDashboard
    2015-01-11 02:06 . 2015-01-11 02:10 -------- d-----w- c:\program files (x86)\qdslrdashboard windows
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-06 19:34 . 2012-05-04 23:30 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-06 19:34 . 2011-12-30 07:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-02 22:03 . 2014-09-19 20:28 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-16 15:53 . 2014-12-16 15:53 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2008-03-19 21:50 . 2012-02-05 21:52 97280 ----a-w- c:\program files (x86)\Common Files\pcsbClean.exe
    2008-03-07 01:31 . 2012-02-05 21:52 134656 ----a-w- c:\program files (x86)\Common Files\PCSBoff.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
    "tlbHost"="c:\program files\TrueLaunchBar\tlbHost.exe" [2011-07-09 536440]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-07 688984]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.10.106\SSScheduler.exe [2014-11-4 332016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableUIPI"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
    R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
    R2 bdfree;bdfree;c:\program files (x86)\BDFree\driver\bdfree_win7_x64.sys;c:\program files (x86)\BDFree\driver\bdfree_win7_x64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
    R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys;c:\windows\SYSNATIVE\DRIVERS\azvusb.sys [x]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
    R3 colormunki;colormunki;c:\windows\system32\Drivers\colormunki_x64.sys;c:\windows\SYSNATIVE\Drivers\colormunki_x64.sys [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
    R3 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
    R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
    R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
    R3 PCTV340_801;YUAN based TV tuner device;c:\windows\system32\Drivers\dvb7700all.sys;c:\windows\SYSNATIVE\Drivers\dvb7700all.sys [x]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
    R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
    R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
    R4 CLKMSVC10_38F51D56;CyberLink Product - 2014/07/07 21:56;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
    R4 ColorMunkiService;X-Rite Device ColorMunki;c:\program files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe;c:\program files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [x]
    R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    R4 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
    R4 xritedeviced;X-Rite Device Manager;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
    S2 8805f137;RelayAppend;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
    S2 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.10.106\McCHSvc.exe;c:\program files\McAfee Security Scan\3.10.106\McCHSvc.exe [x]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
    S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cykbfltr.sys [x]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    S3 necbatt;Battery Filter Driver;c:\windows\system32\DRIVERS\necbatt.sys;c:\windows\SYSNATIVE\DRIVERS\necbatt.sys [x]
    S3 Nececfilter;ACPI-Compliant Embedded Controller;c:\windows\system32\DRIVERS\nececfil.sys;c:\windows\SYSNATIVE\DRIVERS\nececfil.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 ST_Accel;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
    S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 19:34]
    .
    2015-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11 16:34]
    .
    2015-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11 16:34]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-06-25 4802864]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-11-05 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-11-05 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-11-05 416024]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\bzysztwx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchoholic.info/?pid=21858&r=2015/01/02&hid=2024647092360809010&lg=EN&cc=US&unqvl=72&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{5426d494-2d8f-4c5a-98fd-8abc2fc2240d} - c:\program files (x86)\50COauPonns\TzroCyYMSyMeeI.dll
    BHO-{c26a5ded-a57b-43e1-be18-ad1c8361efe0} - c:\program files (x86)\GirreatSavee4U\bsFElqYSiFdRkK.dll
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-Reasonable NoClone - (no file)
    Wow6432Node-HKCU-Run-DellSystemDetect - c:\users\dferrier\AppData\Local\Apps\2.0\ZBE7YDQA.QX6\7XWJHBBW.Q1N\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKU-Default-Run-Reasonable NoClone - c:\program files (x86)\Reasonable NoClone 2011 Enterprise\NoClone.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    BHO-{5426d494-2d8f-4c5a-98fd-8abc2fc2240d} - c:\program files (x86)\50COauPonns\TzroCyYMSyMeeI.x64.dll
    BHO-{c26a5ded-a57b-43e1-be18-ad1c8361efe0} - c:\program files (x86)\GirreatSavee4U\bsFElqYSiFdRkK.x64.dll
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-dBpoweramp DirectShow Decoder - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBPowerAMP Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
    AddRemove-DDC Driver_is1 - c:\program files (x86)\My Program\unins000.exe
    .
    .
    "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
    [\]^_X\01G\00\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~\00\00\00\00\00\00\00\00²\00\00\00\00\00\00\00\00‘’“"
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,b4,b5,50,13,31,06,42,b3,5e,a8,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,b4,b5,50,13,31,06,42,b3,5e,a8,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\system32\hasplms.exe
    c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2015-02-08 19:12:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-02-09 01:12
    .
    Pre-Run: 35,381,284,864 bytes free
    Post-Run: 35,274,149,888 bytes free
    .
    - - End Of File - - C1B96A8F0CC4740719C00C43DB866F35
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  7. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    ADWCleaner:

    # AdwCleaner v4.110 - Logfile created 08/02/2015 at 21:40:30
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-08.1 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : dferrier - LT2
    # Running from : C:\Users\dferrier\Desktop\adwcleaner_4.110.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\SecTaskMan
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\ProgramData\DiSCCountExtaensi
    Folder Deleted : C:\ProgramData\EaxsttraSSaviings
    Folder Deleted : C:\ProgramData\GreoatSuavoe4U
    Folder Deleted : C:\ProgramData\NNetoCoouupon
    Folder Deleted : C:\ProgramData\RAnDommPRice
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\NNetoCoouupon
    Folder Deleted : C:\Program Files (x86)\RAnDommPRice
    Folder Deleted : C:\Program Files (x86)\DiScounttExitEnsii
    Folder Deleted : C:\Program Files (x86)\GRaeatSaavE4U
    Folder Deleted : C:\Program Files (x86)\uniseales
    Folder Deleted : C:\Users\dferrier\AppData\Local\Conduit
    Folder Deleted : C:\Users\dferrier\AppData\Local\jZip
    Folder Deleted : C:\Users\dferrier\AppData\Local\CrashRpt
    Folder Deleted : C:\Users\dferrier\AppData\LocalLow\Conduit

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iijmpjamifmplbakhgikofogdfackici
    Key Deleted : HKLM\SOFTWARE\Classes\P24b6304e_54de_4a2d_9732_498107772ea9_.P24b6304e_54de_4a2d_9732_498107772ea9_
    Key Deleted : HKLM\SOFTWARE\Classes\P24b6304e_54de_4a2d_9732_498107772ea9_.P24b6304e_54de_4a2d_9732_498107772ea9_.9
    Key Deleted : HKLM\SOFTWARE\Classes\P2ffc702a_b655_41b4_ab55_dfaac7c6e60e_.P2ffc702a_b655_41b4_ab55_dfaac7c6e60e_
    Key Deleted : HKLM\SOFTWARE\Classes\P2ffc702a_b655_41b4_ab55_dfaac7c6e60e_.P2ffc702a_b655_41b4_ab55_dfaac7c6e60e_.9
    Key Deleted : HKLM\SOFTWARE\Classes\P49e3fa26_266d_403f_acc1_b1a16d148d0f_.P49e3fa26_266d_403f_acc1_b1a16d148d0f_
    Key Deleted : HKLM\SOFTWARE\Classes\P49e3fa26_266d_403f_acc1_b1a16d148d0f_.P49e3fa26_266d_403f_acc1_b1a16d148d0f_.9
    Key Deleted : HKLM\SOFTWARE\Classes\P5426d494_2d8f_4c5a_98fd_8abc2fc2240d_.P5426d494_2d8f_4c5a_98fd_8abc2fc2240d_
    Key Deleted : HKLM\SOFTWARE\Classes\P5426d494_2d8f_4c5a_98fd_8abc2fc2240d_.P5426d494_2d8f_4c5a_98fd_8abc2fc2240d_.9
    Key Deleted : HKLM\SOFTWARE\Classes\P6ab3fd68_b39b_4955_9859_2c5712912de6_.P6ab3fd68_b39b_4955_9859_2c5712912de6_
    Key Deleted : HKLM\SOFTWARE\Classes\P6ab3fd68_b39b_4955_9859_2c5712912de6_.P6ab3fd68_b39b_4955_9859_2c5712912de6_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pc26a5ded_a57b_43e1_be18_ad1c8361efe0_.Pc26a5ded_a57b_43e1_be18_ad1c8361efe0_
    Key Deleted : HKLM\SOFTWARE\Classes\Pc26a5ded_a57b_43e1_be18_ad1c8361efe0_.Pc26a5ded_a57b_43e1_be18_ad1c8361efe0_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pd908db46_9828_4151_afbb_303dfcb5d478_.Pd908db46_9828_4151_afbb_303dfcb5d478_
    Key Deleted : HKLM\SOFTWARE\Classes\Pd908db46_9828_4151_afbb_303dfcb5d478_.Pd908db46_9828_4151_afbb_303dfcb5d478_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pe7d264ef_0e67_40b3_8ba9_95458d50f8b5_.Pe7d264ef_0e67_40b3_8ba9_95458d50f8b5_
    Key Deleted : HKLM\SOFTWARE\Classes\Pe7d264ef_0e67_40b3_8ba9_95458d50f8b5_.Pe7d264ef_0e67_40b3_8ba9_95458d50f8b5_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pfe24c467_6362_4c39_b525_c0670a4c1feb_.Pfe24c467_6362_4c39_b525_c0670a4c1feb_
    Key Deleted : HKLM\SOFTWARE\Classes\Pfe24c467_6362_4c39_b525_c0670a4c1feb_.Pfe24c467_6362_4c39_b525_c0670a4c1feb_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24b6304e-54de-4a2d-9732-498107772ea9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2ffc702a-b655-41b4-ab55-dfaac7c6e60e}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{49e3fa26-266d-403f-acc1-b1a16d148d0f}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5426d494-2d8f-4c5a-98fd-8abc2fc2240d}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6ab3fd68-b39b-4955-9859-2c5712912de6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c26a5ded-a57b-43e1-be18-ad1c8361efe0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d908db46-9828-4151-afbb-303dfcb5d478}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{e7d264ef-0e67-40b3-8ba9-95458d50f8b5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{fe24c467-6362-4c39-b525-c0670a4c1feb}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5426d494-2d8f-4c5a-98fd-8abc2fc2240d}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c26a5ded-a57b-43e1-be18-ad1c8361efe0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24b6304e-54de-4a2d-9732-498107772ea9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2ffc702a-b655-41b4-ab55-dfaac7c6e60e}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{49e3fa26-266d-403f-acc1-b1a16d148d0f}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5426d494-2d8f-4c5a-98fd-8abc2fc2240d}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6ab3fd68-b39b-4955-9859-2c5712912de6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c26a5ded-a57b-43e1-be18-ad1c8361efe0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d908db46-9828-4151-afbb-303dfcb5d478}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e7d264ef-0e67-40b3-8ba9-95458d50f8b5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fe24c467-6362-4c39-b525-c0670a4c1feb}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{24b6304e-54de-4a2d-9732-498107772ea9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2ffc702a-b655-41b4-ab55-dfaac7c6e60e}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{49e3fa26-266d-403f-acc1-b1a16d148d0f}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6ab3fd68-b39b-4955-9859-2c5712912de6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{d908db46-9828-4151-afbb-303dfcb5d478}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{e7d264ef-0e67-40b3-8ba9-95458d50f8b5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{fe24c467-6362-4c39-b525-c0670a4c1feb}
    Key Deleted : HKCU\Software\jZip
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)

    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchoholic.info/?pid=21858&r=2015/01/02&hid=2024647092360809010&lg=EN&cc=US&unqvl=72&l=1&q=");
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.5jswsJDRFuIh61vq.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rTaGqdg9qHa4rTr7rdYEpjaFra\")>-1url.indexOf(\"acebook\")>-1[...]
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.6XiUvDC26vAbtBln.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.ID393GqnUexQA2Vh.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.WIIY8KRpia4EhoZj.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.WIIY8KRpia4EhoZj.url", "hxxp://sunnyspytaxs.us/sync2/?q=hfZ9ofqUrHsMCyVUojsFpdk5tMqLDe49CNU0llrMCMlNhd9FqjaFrjnEqda5qdnMBzqUojw8rdwFqda9rjCEqih7hfs0pihPBMn0qdY9rdCFqdn4rHs8rTU8rH[...]
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.cegm8lusUvqrfOV2.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.jMsLu8SbxUeCZZ7p.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.tISt3OmCksxvN5Mc.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [bzysztwx.default\prefs.js] - Line Deleted : user_pref("extensions.zf16L2nWxAfqRFYK.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [11536 bytes] - [08/02/2015 21:27:09]
    AdwCleaner[S0].txt - [11513 bytes] - [08/02/2015 21:40:30]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11573 bytes] ##########

    FRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Ultimate x64
    Ran by dferrier on Sun 02/08/2015 at 21:46:23.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ammyy"
    Successfully deleted: [Folder] "C:\ProgramData\pcdr"
    Successfully deleted: [Folder] "C:\Users\dferrier\AppData\Roaming\pcdr"
    Successfully deleted: [Folder] "C:\Users\dferrier\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\dferrier\appdata\locallow\pcdr"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Emptied folder: C:\Users\dferrier\AppData\Roaming\mozilla\firefox\profiles\bzysztwx.default\minidumps [114 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/08/2015 at 21:49:01.32
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by dferrier (administrator) on LT2 on 08-02-2015 21:50:34
    Running from C:\Users\dferrier\Desktop
    Loaded Profiles: dferrier & UpdatusUser (Available profiles: dferrier & UpdatusUser)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (SafeNet Inc.) C:\Windows\System32\hasplms.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.10.106\McCHSvc.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
    HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4802864 2012-06-25] (Intel(R) Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
    HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\...\Run: [tlbHost] => C:\Program Files\TrueLaunchBar\tlbHost.exe [536440 2011-07-09] (Tordex)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {AEB95F29-2B35-4AD8-BA17-7A8CFA3C36F3} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {AEB95F29-2B35-4AD8-BA17-7A8CFA3C36F3} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001 -> {AEB95F29-2B35-4AD8-BA17-7A8CFA3C36F3} URL =
    SearchScopes: HKU\S-1-5-21-4216624398-3978261930-1395381454-1011 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\bzysztwx.default
    FF DefaultSearchEngine: Google
    FF Homepage: https://www.google.com/?gws_rd=ssl
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
    FF Plugin HKU\S-1-5-21-4216624398-3978261930-1395381454-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
    FF Extension: Garmin Communicator - C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\bzysztwx.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-29]
    FF Extension: DownThemAll! - C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\bzysztwx.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-13]
    FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
    FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-07-12]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-07]
    FF HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-10-27]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 8805f137; c:\Program Files (x86)\RelayAppend\RelayAppend.dll [2354688 2015-01-16] () [File not signed]
    S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
    S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
    S4 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.) [File not signed]
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-12-30] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-30] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    S3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
    R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 McComponentHostService; C:\Program Files\McAfee Security Scan\3.10.106\McCHSvc.exe [289256 2014-11-04] (McAfee, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
    R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) [File not signed]
    S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
    S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-12-30] (Creative Labs) [File not signed]
    R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    S4 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.) [File not signed]
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
    S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2014-09-19] (Advanced Micro Devices, Inc.)
    S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
    R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-09-19] (Motorola Solutions, Inc.)
    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-09-19] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2014-09-19] (Motorola Solutions, Inc.)
    R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [84008 2014-09-19] (Broadcom Corporation.)
    S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
    S2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [7140 2003-07-29] ()
    R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [19968 2014-09-19] (Cypress Semiconductor, Inc.)
    R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
    S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [File not signed]
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [32256 2009-07-07] (http://libusb-win32.sourceforge.net)
    S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [946176 2010-03-10] (DiBcom) [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
    R3 necbatt; C:\Windows\System32\DRIVERS\necbatt.sys [11776 2014-09-19] (NEC Corporation, NEC Personal Products, Ltd.)
    R3 Nececfilter; C:\Windows\System32\DRIVERS\nececfil.sys [13312 2014-09-19] (NEC Corporation, NEC Personal Products, Ltd.)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
    R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [298184 2014-11-05] (NVIDIA Corporation)
    S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
    S3 PCTV340_801; C:\Windows\System32\Drivers\dvb7700all.sys [946176 2010-03-10] (DiBcom) [File not signed]
    R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
    S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [15360 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
    S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-09] (Duplex Secure Ltd.)
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
    R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [87776 2014-09-19] (STMicroelectronics)
    R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [121424 2010-10-14] (High Criteria inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-07] ()
    U3 agof5cax; C:\Windows\System32\Drivers\agof5cax.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
    S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
    S2 bdfree; \??\C:\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys [X]
    S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S4 NVHDA; system32\drivers\nvhda64v.sys [X]
    S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
    S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 21:50 - 2015-02-08 21:51 - 00022843 _____ () C:\Users\dferrier\Desktop\FRST.txt
    2015-02-08 21:50 - 2015-02-08 21:50 - 00000000 ____D () C:\FRST
    2015-02-08 21:49 - 2015-02-08 21:49 - 00001164 _____ () C:\Users\dferrier\Desktop\JRT.txt
    2015-02-08 21:44 - 2015-02-08 21:44 - 00011686 _____ () C:\Users\dferrier\Desktop\AdwCleaner[S0].txt
    2015-02-08 21:27 - 2015-02-08 21:40 - 00000000 ____D () C:\AdwCleaner
    2015-02-08 21:24 - 2015-02-08 10:46 - 02132992 _____ (Farbar) C:\Users\dferrier\Desktop\FRST64.exe
    2015-02-08 21:23 - 2015-02-02 12:13 - 01388274 _____ (Thisisu) C:\Users\dferrier\Desktop\JRT.exe
    2015-02-08 21:22 - 2015-02-08 21:22 - 02112512 _____ () C:\Users\dferrier\Desktop\adwcleaner_4.110.exe
    2015-02-08 19:23 - 2015-02-08 19:26 - 00000000 ____D () C:\Users\dferrier\Documents\True Launch Toolbar
    2015-02-08 19:12 - 2015-02-08 19:12 - 00034191 _____ () C:\ComboFix.txt
    2015-02-08 18:48 - 2015-02-08 19:12 - 00000000 ____D () C:\Qoobox
    2015-02-08 18:48 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-08 18:48 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-08 18:48 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-08 18:48 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-08 18:48 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-08 18:48 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-08 18:48 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-08 18:48 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-08 18:47 - 2015-02-08 19:11 - 00000000 ____D () C:\Windows\erdnt
    2015-02-08 18:38 - 2015-02-08 18:47 - 05609947 ____R (Swearware) C:\Users\dferrier\Desktop\ComboFix.exe
    2015-02-07 21:31 - 2015-02-07 21:31 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-lt2-dferrier
    2015-02-07 21:24 - 2015-02-07 21:24 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2015-02-07 21:24 - 2015-02-07 21:24 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2015-02-07 21:24 - 2015-02-07 21:24 - 00002028 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2015-02-07 21:24 - 2015-02-07 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
    2015-02-07 21:11 - 2015-02-07 21:11 - 00000000 ____D () C:\ProgramData\ALM
    2015-02-07 21:03 - 2015-02-07 21:03 - 00000000 ____D () C:\adobeTemp
    2015-02-07 21:02 - 2015-02-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design and Web Premium CS6
    2015-02-07 19:31 - 2015-02-07 19:34 - 00000000 ____D () C:\Users\dferrier\Downloads\adobe cs6 design premium
    2015-02-07 19:29 - 2015-02-07 19:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-07 19:28 - 2015-02-07 19:59 - 00000000 ____D () C:\Users\dferrier\Desktop\mbar
    2015-02-07 19:17 - 2015-02-07 19:17 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-07 19:17 - 2015-02-07 19:17 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-07 19:03 - 2015-02-07 20:52 - 00000000 ____D () C:\Users\dferrier\Desktop\Adobe CS6 Design and Web Premium
    2015-02-07 14:44 - 2015-02-07 14:44 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfectly Clear Plugin v2
    2015-02-07 14:43 - 2015-02-07 15:00 - 00000000 ____D () C:\ProgramData\Nalpeiron
    2015-02-07 14:43 - 2015-02-07 14:43 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfectly Clear Plugin LR v2
    2015-02-07 14:43 - 2015-02-07 14:43 - 00000000 ____D () C:\Program Files (x86)\Athentech
    2015-02-07 14:26 - 2015-02-07 14:26 - 00011540 _____ () C:\Users\dferrier\Desktop\dds.txt
    2015-02-07 14:26 - 2015-02-07 14:26 - 00011042 _____ () C:\Users\dferrier\Desktop\attach.txt
    2015-02-07 14:23 - 2015-02-07 19:27 - 00000000 ____D () C:\Users\dferrier\Downloads\malware removal
    2015-02-07 14:21 - 2015-02-07 14:21 - 00001419 _____ () C:\Users\dferrier\Desktop\my_scan_150207.txt
    2015-02-07 14:15 - 2015-02-07 14:31 - 00000000 ____D () C:\Users\dferrier\Downloads\perfectly clear plugins
    2015-02-07 13:31 - 2015-02-07 13:32 - 00000000 ____D () C:\Program Files (x86)\NickelBlock
    2015-02-06 13:34 - 2015-02-08 21:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-06 13:34 - 2015-02-06 13:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-05 12:24 - 2015-02-07 15:00 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\Athentech
    2015-02-05 12:24 - 2015-02-07 14:43 - 00000000 ____D () C:\Program Files\Athentech
    2015-02-05 12:24 - 2015-02-05 12:24 - 00000998 _____ () C:\Users\UpdatusUser\Desktop\Perfectly Clear Desktop (64 bit).lnk
    2015-02-05 12:24 - 2015-02-05 12:24 - 00000998 _____ () C:\Users\dferrier\Desktop\Perfectly Clear Desktop (64 bit).lnk
    2015-02-05 12:17 - 2015-02-05 12:24 - 00000000 ____D () C:\Users\dferrier\Downloads\Perfectly Clear beta
    2015-02-03 16:22 - 2015-02-03 16:22 - 00000984 _____ () C:\Users\dferrier\Desktop\FastRawViewer Manual.lnk
    2015-02-03 16:22 - 2015-02-03 16:22 - 00000949 _____ () C:\Users\Public\Desktop\FastRawViewer.lnk
    2015-02-03 16:22 - 2015-02-03 16:22 - 00000000 ____D () C:\Users\dferrier\AppData\Local\LibRaw LLC
    2015-02-03 16:22 - 2015-02-03 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibRaw
    2015-02-03 16:22 - 2015-02-03 16:22 - 00000000 ____D () C:\Program Files\LibRaw
    2015-02-03 16:13 - 2015-02-03 16:22 - 00000000 ____D () C:\Users\dferrier\Downloads\fastrawviewer
    2015-01-31 17:43 - 2015-01-31 17:43 - 00001938 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2015-01-31 17:43 - 2015-01-31 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-01-31 17:43 - 2015-01-31 17:43 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2015-01-31 17:43 - 2015-01-31 17:43 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2015-01-31 06:22 - 2015-01-31 06:22 - 00000000 ____D () C:\Program Files (x86)\NBA Live News
    2015-01-30 20:25 - 2015-02-08 21:42 - 00000426 _____ () C:\Windows\setupact.log
    2015-01-30 20:25 - 2015-01-30 20:25 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-27 21:56 - 2015-01-27 21:56 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-27 21:56 - 2015-01-27 21:56 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-01-27 21:56 - 2015-01-27 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-20 18:40 - 2015-01-31 17:41 - 00000000 ____D () C:\Users\dferrier\Downloads\New folder
    2015-01-20 15:03 - 2015-01-20 15:03 - 00003094 _____ () C:\Windows\System32\Tasks\{654FE19B-1DC7-40A5-B10C-A13DD9E6FE0A}
    2015-01-20 09:36 - 2015-01-20 09:36 - 00000712 _____ () C:\Users\dferrier\Documents\2015-01-20_Ferrier_Dale_private.lic
    2015-01-16 20:53 - 2015-01-16 20:53 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\Avg_Update_1014av
    2015-01-16 20:53 - 2015-01-16 20:53 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
    2015-01-16 20:49 - 2015-01-16 20:49 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\TuneUp Software
    2015-01-16 20:43 - 2015-01-17 21:16 - 00000000 ____D () C:\ProgramData\MFAData
    2015-01-16 20:43 - 2015-01-16 20:43 - 00000000 ____D () C:\Users\dferrier\AppData\Local\MFAData
    2015-01-16 20:42 - 2015-01-16 20:42 - 00000000 ____D () C:\Users\dferrier\Downloads\avg
    2015-01-16 20:29 - 2015-02-07 19:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-16 20:29 - 2015-01-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-16 20:28 - 2015-02-07 19:28 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-16 20:28 - 2015-01-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-16 20:28 - 2015-01-16 20:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-16 20:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-16 20:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-16 20:27 - 2015-01-16 20:27 - 00000000 ____D () C:\Users\dferrier\Downloads\malware
    2015-01-16 20:15 - 2015-01-16 20:15 - 00000000 ____D () C:\Program Files (x86)\RelayAppend
    2015-01-16 20:05 - 2015-01-16 20:06 - 00000000 ____D () C:\Users\dferrier\Documents\anime list
    2015-01-15 21:24 - 2015-01-17 18:03 - 00000000 ____D () C:\Users\dferrier\Documents\Stocks
    2015-01-15 17:15 - 2015-01-18 19:40 - 00000792 _____ () C:\Windows\SysWOW64\PRDMOWrapper.log
    2015-01-15 08:48 - 2015-01-15 08:48 - 00000000 _____ () C:\Users\dferrier\Desktop\New Text Document.txt
    2015-01-15 08:40 - 2011-02-17 22:47 - 00202560 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudserd.sys
    2015-01-15 08:40 - 2011-02-17 22:47 - 00202560 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
    2015-01-15 08:40 - 2011-02-17 22:47 - 00082112 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
    2015-01-15 08:36 - 2015-01-15 08:36 - 00000000 ____D () C:\Users\dferrier\Desktop\File pack for Sprint Note 2
    2015-01-15 07:53 - 2015-01-15 09:40 - 00000000 ____D () C:\Users\dferrier\Downloads\note 2 filepack
    2015-01-12 12:12 - 2015-01-30 08:50 - 00000000 ____D () C:\Users\dferrier\Documents\LRTimelapse
    2015-01-11 21:35 - 2015-01-11 21:35 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\chc
    2015-01-11 21:28 - 2015-02-08 19:44 - 00000141 _____ () C:\Users\dferrier\Documents\LRTExport.log
    2015-01-11 21:21 - 2015-01-11 21:21 - 00001743 _____ () C:\Users\dferrier\Desktop\Photomatix Pro 5.0.5a (64-bit).lnk
    2015-01-11 21:21 - 2015-01-11 21:21 - 00000000 ____D () C:\Users\dferrier\Downloads\photomatix pro
    2015-01-11 21:21 - 2015-01-11 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 5.0
    2015-01-11 21:21 - 2015-01-11 21:21 - 00000000 ____D () C:\Program Files\PhotomatixPro5
    2015-01-11 13:18 - 2015-01-11 13:21 - 00000000 ____D () C:\Users\dferrier\Downloads\d300 firmware update
    2015-01-10 20:11 - 2015-01-29 19:12 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\DslrDashboard
    2015-01-10 20:06 - 2015-01-10 20:10 - 00000000 ____D () C:\Program Files (x86)\qdslrdashboard windows
    2015-01-10 13:39 - 2015-01-17 19:43 - 00000000 ____D () C:\Users\dferrier\Downloads\ammyy

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 21:50 - 2009-07-13 22:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-08 21:50 - 2009-07-13 22:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-08 21:49 - 2009-07-13 23:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-08 21:48 - 2013-03-25 19:50 - 00000000 ____D () C:\Users\dferrier\Documents\email
    2015-02-08 21:46 - 2014-04-04 17:09 - 00000000 ____D () C:\Users\dferrier\AppData\Local\CrashDumps
    2015-02-08 21:46 - 2011-12-30 03:38 - 01337223 _____ () C:\Windows\WindowsUpdate.log
    2015-02-08 21:42 - 2013-11-11 10:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-08 21:42 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-08 21:39 - 2013-11-11 10:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-08 19:44 - 2012-05-06 13:48 - 00019792 _____ () C:\Users\dferrier\Documents\PerfectEffectsConduit.log
    2015-02-08 19:44 - 2012-05-06 13:48 - 00015297 _____ () C:\Users\dferrier\Documents\PerfectPortraitConduit.log
    2015-02-08 19:44 - 2012-05-06 13:48 - 00015173 _____ () C:\Users\dferrier\Documents\PerfectLayersConduit.log
    2015-02-08 19:44 - 2012-05-06 13:48 - 00005867 _____ () C:\Users\dferrier\Documents\PhotoFrameConduit.log
    2015-02-08 19:44 - 2012-05-06 13:48 - 00005718 _____ () C:\Users\dferrier\Documents\GenuineFractalsConduit.log
    2015-02-08 19:44 - 2012-05-06 13:48 - 00005619 _____ () C:\Users\dferrier\Documents\FocalPointConduit.log
    2015-02-08 19:29 - 2012-01-06 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Launch Bar
    2015-02-08 19:29 - 2012-01-06 22:46 - 00000000 ____D () C:\Program Files\TrueLaunchBar
    2015-02-08 19:12 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
    2015-02-08 19:06 - 2009-07-13 22:45 - 05517472 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-08 19:06 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-08 19:04 - 2010-11-20 21:47 - 00520526 _____ () C:\Windows\PFRO.log
    2015-02-08 19:02 - 2012-01-06 20:48 - 00000000 ____D () C:\Users\dferrier
    2015-02-08 18:38 - 2012-01-06 21:11 - 00000000 ____D () C:\Users\dferrier\AppData\Local\Adobe
    2015-02-07 21:31 - 2012-03-18 11:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
    2015-02-07 21:30 - 2012-01-06 20:48 - 00179472 _____ () C:\Users\dferrier\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-07 21:17 - 2012-01-06 21:07 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-02-07 21:16 - 2011-12-30 02:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-02-07 21:06 - 2012-01-06 21:07 - 00000000 ____D () C:\Program Files\Adobe
    2015-02-07 21:02 - 2011-12-30 02:21 - 00000000 ____D () C:\ProgramData\Adobe
    2015-02-07 14:17 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\DigitalLocker
    2015-02-07 14:16 - 2014-08-12 10:18 - 00000000 ____D () C:\Users\dferrier\Documents\photography
    2015-02-06 13:34 - 2012-05-04 17:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-06 13:34 - 2011-12-30 01:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-06 13:33 - 2014-12-27 13:24 - 00000000 ____D () C:\Users\dferrier\Downloads\flash
    2015-02-06 12:55 - 2014-05-27 08:05 - 00016384 _____ () C:\Users\dferrier\Documents\Joebob.xlsx
    2015-02-05 13:37 - 2012-02-09 16:24 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\vlc
    2015-02-02 16:03 - 2014-09-19 14:28 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2015-02-02 16:03 - 2014-09-19 14:28 - 00003100 _____ () C:\Windows\LkmdfCoInst.log
    2015-01-29 15:34 - 2013-11-28 11:49 - 00000000 ____D () C:\Program Files (x86)\Ultra Fractal 5
    2015-01-29 15:29 - 2013-09-13 12:09 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-01-29 15:24 - 2012-01-12 16:32 - 00000000 ____D () C:\Windows\Minidump
    2015-01-29 15:09 - 2012-09-07 19:45 - 00000120 _____ () C:\Users\dferrier\AppData\Roaming\FixVTS.ini
    2015-01-29 14:40 - 2015-01-08 16:55 - 00000000 ____D () C:\Users\dferrier\Downloads\lrtimelapse
    2015-01-28 21:14 - 2012-03-03 07:08 - 00000000 ____D () C:\Users\dferrier\temp
    2015-01-28 17:18 - 2012-09-05 14:29 - 00000455 _____ () C:\Users\dferrier\AppData\Roaming\__AvidCloudManager.log
    2015-01-28 17:07 - 2012-03-03 06:16 - 00000000 ____D () C:\Users\dferrier\AppData\Local\Avid
    2015-01-28 17:06 - 2012-03-03 06:16 - 00023142 _____ () C:\Users\dferrier\AppData\Roaming\LT2.MTBF.txt
    2015-01-28 17:06 - 2012-01-08 01:05 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
    2015-01-27 15:01 - 2009-07-13 23:08 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-25 16:01 - 2015-01-08 18:00 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\LRTimelapse
    2015-01-20 16:52 - 2013-11-29 12:34 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
    2015-01-20 16:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-01-20 16:24 - 2013-11-29 12:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2015-01-20 16:22 - 2014-03-21 08:08 - 00000000 ____D () C:\ProgramData\Sony
    2015-01-20 16:20 - 2014-12-11 09:07 - 00000000 ____D () C:\Program Files (x86)\Reasonable NoClone 2014
    2015-01-20 16:19 - 2014-04-06 19:44 - 00000000 ____D () C:\Program Files (x86)\ProgeCAD
    2015-01-20 16:15 - 2014-05-07 22:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
    2015-01-20 15:42 - 2013-11-29 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
    2015-01-20 15:33 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
    2015-01-20 15:25 - 2013-11-29 12:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
    2015-01-20 15:13 - 2014-11-17 13:36 - 00000000 ____D () C:\Program Files (x86)\LOOT
    2015-01-20 15:13 - 2014-10-20 19:52 - 00000000 ____D () C:\Program Files (x86)\ChaosPro 4.0
    2015-01-20 15:12 - 2014-02-17 12:34 - 00000000 ____D () C:\Program Files\Lightworks
    2015-01-20 15:12 - 2012-07-19 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
    2015-01-20 15:11 - 2012-12-21 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2015-01-20 15:11 - 2012-12-21 12:06 - 00000000 ____D () C:\GOG Games
    2015-01-20 15:11 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-20 15:10 - 2014-02-12 20:57 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-20 15:07 - 2014-11-16 20:08 - 00000000 ____D () C:\Users\dferrier\AppData\Local\Black_Tree_Gaming
    2015-01-20 15:07 - 2013-12-22 18:41 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
    2015-01-20 15:06 - 2012-01-08 00:06 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-01-20 15:04 - 2012-01-15 08:04 - 00000000 ____D () C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-01-17 20:33 - 2013-11-11 10:34 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-17 19:44 - 2014-07-24 07:43 - 00000000 ____D () C:\Users\dferrier\Downloads\mediainfo
    2015-01-17 19:43 - 2015-01-01 21:12 - 00000000 ____D () C:\Users\dferrier\Downloads\gimp
    2015-01-16 20:14 - 2014-04-04 12:35 - 00000000 ____D () C:\Fraps

    ==================== Files in the root of some directories =======

    2012-02-05 15:52 - 2008-03-19 15:50 - 0097280 _____ () C:\Program Files (x86)\Common Files\pcsbClean.exe
    2012-02-05 15:52 - 2008-03-06 19:31 - 0134656 _____ () C:\Program Files (x86)\Common Files\PCSBoff.exe
    2012-10-14 23:12 - 2014-10-17 09:36 - 0000132 _____ () C:\Users\dferrier\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2013-05-27 20:38 - 2014-01-11 09:50 - 0000132 _____ () C:\Users\dferrier\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2012-12-18 18:08 - 2012-12-18 18:08 - 0000642 _____ () C:\Users\dferrier\AppData\Roaming\Contact Sheet II.xml
    2012-12-18 18:08 - 2012-12-18 18:08 - 0006094 _____ () C:\Users\dferrier\AppData\Roaming\ContactSheetII.log
    2012-07-14 18:02 - 2012-07-14 18:02 - 0167750 _____ () C:\Users\dferrier\AppData\Roaming\EDLManager_Install.log
    2012-09-07 19:45 - 2015-01-29 15:09 - 0000120 _____ () C:\Users\dferrier\AppData\Roaming\FixVTS.ini
    2012-03-03 06:16 - 2015-01-28 17:06 - 0023142 _____ () C:\Users\dferrier\AppData\Roaming\LT2.MTBF.txt
    2012-06-25 23:02 - 2012-07-17 21:17 - 9895874 _____ () C:\Users\dferrier\AppData\Roaming\MediaComposer_Install.log
    2012-01-11 22:29 - 2012-01-11 22:29 - 0000268 ___RH () C:\Users\dferrier\AppData\Roaming\Tribal Masks
    2012-09-05 14:29 - 2015-01-28 17:18 - 0000455 _____ () C:\Users\dferrier\AppData\Roaming\__AvidCloudManager.log
    2012-09-05 14:29 - 2014-12-11 14:37 - 0000902 _____ () C:\Users\dferrier\AppData\Roaming\__AvidCloudManagerPrevious.log
    2012-01-11 17:22 - 2014-10-10 05:30 - 0034816 _____ () C:\Users\dferrier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-01-26 16:02 - 2014-05-13 12:42 - 0000600 _____ () C:\Users\dferrier\AppData\Local\PUTTY.RND
    2013-12-02 19:52 - 2013-12-02 19:52 - 0009632 _____ () C:\Users\dferrier\AppData\Local\recently-used.xbel
    2012-07-05 11:21 - 2012-07-05 11:21 - 0007609 _____ () C:\Users\dferrier\AppData\Local\Resmon.ResmonCfg
    2013-10-04 17:06 - 2013-10-04 17:06 - 0005079 _____ () C:\ProgramData\aqcazbcx.mca
    2014-07-07 15:42 - 2014-10-24 13:06 - 6696936 _____ (Dell ) C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe
    2014-12-13 19:12 - 2014-12-13 19:12 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2014-12-11 08:47 - 2014-12-11 08:47 - 0000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    2012-01-11 22:28 - 2012-01-16 20:23 - 0000020 ____H () C:\ProgramData\PKP_DLdy.DAT
    2012-01-11 22:29 - 2012-01-11 22:29 - 0000268 ___RH () C:\ProgramData\User Loops
    2013-09-27 16:42 - 2013-09-27 16:42 - 0005086 _____ () C:\ProgramData\zscupymp.kxv
    2012-05-31 14:05 - 2012-08-01 20:40 - 0000340 _____ () C:\ProgramData\__FileUploader.log

    Files to move or delete:
    ====================
    C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe
    C:\Users\dferrier\key_workshop.dat


    Some content of TEMP:
    ====================
    C:\Users\dferrier\AppData\Local\Temp\Quarantine.exe
    C:\Users\dferrier\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-03 12:44

    ==================== End Of Log ============================
     
  9. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
    Ran by dferrier at 2015-02-08 21:51:48
    Running from C:\Users\dferrier\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\...\uTorrent) (Version: 3.3.2.30260 - BitTorrent Inc.)
    AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
    Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
    Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
    Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - )
    AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - )
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2130567168.1965887226.1638264.2008642005 - Audible, Inc.)
    Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
    Audiograbber MP3 Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
    BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
    ColorMunki Photo 1.1.1 (HKLM-x32\...\ColorMunki Photo_is1) (Version: - X-Rite)
    CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 6.00.6000 - CompanionLink Software, Inc.)
    Complete Gun Inventory Clerk Pro 7 (HKLM-x32\...\{3CF25F98-338C-4F05-BABE-29F66D13B143}) (Version: 7.0.0.1 - Heavy Metal Software)
    Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.0 - Avid Technology, Inc.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2930.0 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.2930.0 - CyberLink Corp.) Hidden
    dBpoweramp DirectShow Decoder (HKLM-x32\...\dBpoweramp DirectShow Decoder) (Version: Release 2 - Illustrate)
    dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
    dBPowerAMP Real Audio (Helix) Encoder (HKLM-x32\...\dBPowerAMP Real Audio (Helix) Encoder) (Version: Release 6 - Illustrate)
    DDC Driver 1.5 (HKLM-x32\...\DDC Driver_is1) (Version: - )
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Deponia (HKLM-x32\...\1207659103_is1) (Version: 2.2.0.8 - GOG.com)
    Dillon XL650 (HKLM-x32\...\Dillon XL650_is1) (Version: 2.3 - Gary James (MOA Software))
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
    Driver Fusion Premium (HKLM-x32\...\Steam App 234820) (Version: - Treexy)
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    FastRawViewer x64 1.0.4.530 (HKLM\...\FastRawViewer_is1) (Version: 1.0.4.530 - LibRaw,LLC)
    FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant)
    Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
    FLV to MP3 Converter 2.2.2.0 (HKLM-x32\...\FLV to MP3 Converter_is1) (Version: 2.2.2.0 - AbyssMedia.com)
    Font Viewer 2.0 (HKLM-x32\...\Font Viewer_is1) (Version: - Thinking BIG Information Technology Inc.)
    Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Training Center (HKLM-x32\...\{8E6564CE-1738-417C-8178-BBB7651D972B}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
    Garmin Training Center 3.4.3 (HKLM-x32\...\{CEAEEFA6-DEBC-4B16-8F04-84C81440CA32}) (Version: 3.4.3 - Garmin Ltd or its subsidiaries)
    Getting Started with Avid Studio MULTILINGUAL (HKLM-x32\...\COD Training_is1) (Version: - Class On Demand)
    Getting Started with the new Pinnacle Studio MULTILINGUAL (HKLM-x32\...\COD Studio Training_is1) (Version: - Class On Demand)
    GoldWave v5.69 (HKLM-x32\...\GoldWave v5.69) (Version: 5.69 - GoldWave Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.0 - Avid Technology, Inc.)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Indeo® Software (HKLM-x32\...\Indeo® Software) (Version: - )
    Instant JPEG From RAW (HKLM\...\{F1A7A2B7-21EB-4788-8623-B6037096CD42}) (Version: 1.6.0 - Imagenomic, LLC)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
    iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    K-Lite Codec Pack 8.9.2 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.9.2 - )
    Knoll Light Factory EZ Studio 15 (HKLM-x32\...\Knoll Light Factory EZ Studio 15) (Version: - )
    Kolor Autopano Pro 2.6 (HKLM\...\AutopanoPro2.6) (Version: V2.6.3 - Kolor)
    License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
    License Support (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.) Hidden
    LIMBO (HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\...\Limbo) (Version: - )
    LRTimelapse 3.4.1 (HKLM-x32\...\{7413A137-4748-4073-BD2D-F87716D37D6C}_is1) (Version: 3.4.1 - Gunther Wegner)
    Magic Bullet Looks Studio 15 (HKLM-x32\...\Magic Bullet Looks Studio 15) (Version: - )
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mandelbulber (HKLM-x32\...\35A39AB0-5E9F-4B70-98DA-4B8158C89C4B) (Version: 1.19 - )
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.10.106.1 - McAfee, Inc.)
    MDF to ISO version 1.0 (HKLM-x32\...\{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1) (Version: 1.0 - mdftoiso.com)
    MediaInfo 0.7.65 (HKLM\...\MediaInfo) (Version: 0.7.65 - MediaArea.net)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
    Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    MPC-HC 1.7.6 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
    NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
    NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
    ODIR (HKLM-x32\...\ODIR_is1) (Version: - Vaita)
    PC Study Bible (remove only) (HKLM-x32\...\PC Study Bible) (Version: - )
    PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version: - VeryPDF.com Inc)
    PDF Printer Pro v1.3 (HKLM-x32\...\{459B7058-BD08-4fc5-AC1B-24F0A4FFDEFA}_is1) (Version: - Datagenn Software Ltd)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Perfect Photo Suite 6.1 (HKLM-x32\...\{59679381-3F22-4A40-A7AD-890242D74DF4}) (Version: 6.1 - onOne Software)
    Perfectly Clear LightroomPlugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear LightroomPlugin v2) (Version: 2.0.0.28 - Athentech)
    Perfectly Clear Plugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear Plugin v2) (Version: 2.0.0.28 - Athentech)
    Photomatix Pro version 5.0.5a (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.5a - HDRsoft Ltd)
    Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
    Pinnacle Studio 15 Ultimate Collection Plugins (HKLM-x32\...\{BC7BED89-618B-4E89-8ADF-75D47F276223}) (Version: 15.0.0.7593 - Pinnacle Systems)
    Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.0.75 - Avid Technology, Inc.)
    Pinnacle Studio 16 - Standard Content Pack (HKLM-x32\...\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}) (Version: 16.0.0 - Avid Technology, Inc.)
    Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
    Pinnacle Studio Bonus Content (HKLM-x32\...\{FC030CB5-46A6-4229-AD6E-0AC869F509C8}) (Version: 15.0.0.51 - Pinnacle Systems)
    Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Portrait Professional Studio 10.6 (HKLM-x32\...\PortraitProfessionalStudio10_is1) (Version: 10.6 - Anthropics Technology Ltd.)
    PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.0 - Avid Technology, Inc.)
    Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
    Red Giant ToonIt Studio 15 (HKLM-x32\...\Red Giant ToonIt Studio 15) (Version: - )
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
    ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.0 - Avid Technology, Inc.)
    SDK (x32 Version: 1.40.002 - Portrait Displays, Inc.) Hidden
    Security Task Manager 1.8c (HKLM-x32\...\Security Task Manager) (Version: 1.8c - Neuber Software)
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
    Snagit 11 (HKLM-x32\...\{1FB78CB6-F4EA-474F-8B0B-100EFACF3558}) (Version: 11.4.0 - TechSmith Corporation)
    Sound Blaster X-Fi MB (HKLM-x32\...\{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}) (Version: 1.0 - Creative Technology Limited)
    SpamBayes 1.1a6 (HKLM-x32\...\SpamBayes_is1) (Version: 1.1a6 - )
    SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.5202 - Zone Five Software)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Still Life (HKLM-x32\...\GOGPACKSTILLLIFE_is1) (Version: 2.0.0.10 - GOG.com)
    StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
    SureThing Disc Labeler Deluxe (HKLM-x32\...\{15425F24-09AC-4771-8075-C097236806AB}_is1) (Version: 6.1.63.0 - MicroVision Development, Inc.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
    Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.0 - Avid Technology, Inc.)
    Total Recorder 8.2 (HKLM-x32\...\TotalRecorder) (Version: - )
    Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
    Trapcode 3DStroke Studio 15 (HKLM-x32\...\Trapcode 3DStroke Studio 15) (Version: - )
    Trapcode Particular Studio (HKLM-x32\...\Trapcode Particular Studio) (Version: - )
    Trapcode Shine Studio 15 (HKLM-x32\...\Trapcode Shine Studio 15) (Version: - )
    UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 21.30.1006 - IDM Computer Solutions, Inc.)
    UltraEdit (x32 Version: 21.30.1006 - IDM Computer Solutions, Inc.) Hidden
    UninstallDeviceDll 1.1 (HKLM-x32\...\UninstallDeviceDll_is1) (Version: - X-Rite)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{5B0E60DB-7741-412F-88B3-E6975D30D019}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
    Visual C++ Redistributables (HKLM-x32\...\InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    VOB2MPG v3 (HKLM-x32\...\{908B5359-244E-4E09-AA9F-DBF240679B46}) (Version: 3.2.2000 - BadgerIT)
    Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Wondershare Video Converter Ultimate(Build 7.1.3.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.1.3.3 - Wondershare Software)
    X-Rite Device ColorMunki Service (HKLM-x32\...\{EAEFA1B2-64E3-4B8E-942F-F57A73BC1CAE}_is1) (Version: 1.0 - X-Rite Inc.)
    X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
    CustomCLSID: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001_Classes\CLSID\{0c597e25-b416-4029-b38f-6c250e3ade2f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001_Classes\CLSID\{5d1ca8f3-96bb-4e96-b0b2-fcceb888d60a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()

    ==================== Restore Points =========================

    04-02-2015 22:14:31 Scheduled Checkpoint
    07-02-2015 13:31:41 Microsoft Antimalware Checkpoint
    07-02-2015 14:29:25 Windows Update
    07-02-2015 19:26:25 malware clean

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2015-02-08 19:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0981D944-8DE3-422D-89BC-CED0ED2C7D87} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
    Task: {0B5CEBDD-8127-4159-A9E1-97933C52CD1B} - System32\Tasks\Halo 2 for Vista restart => C:\Program Files (x86)\Microsoft Games\Halo 2\startup.exe
    Task: {33442A0F-33D7-4C8F-9709-1C2710BA5D18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {33939BB1-E929-45E4-AFAC-92C27598DAF7} - System32\Tasks\{14503DDD-10E4-4BD7-9CDB-62BB8DA1E584} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/620
    Task: {4763F80C-1A56-4205-A2E0-C0DBBFB88142} - System32\Tasks\{E52CC5BE-A4FA-4973-B9DF-4751F14FF743} => pcalua.exe -a "C:\Users\dferrier\Desktop\Borderlands Game of the Year Edition\Setup.exe" -d "C:\Users\dferrier\Desktop\Borderlands Game of the Year Edition"
    Task: {7D7B0836-DE6C-4BF1-8335-E192AB018848} - System32\Tasks\AdobeAAMUpdater-1.0-lt2-dferrier => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {8ACF2199-1D9D-4613-AA47-8693860D965E} - System32\Tasks\{7721D70B-49B8-4800-896E-F61FD8F3B4E1} => pcalua.exe -a C:\Users\dferrier\Downloads\VirtualBox-4.1.22-80657-Win.exe -d C:\Users\dferrier\Downloads
    Task: {8AE4BD64-957F-428B-BABB-750390BD2F97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.)
    Task: {8FF573EB-5B54-4D4E-BC6C-F00FB6D763A3} - System32\Tasks\{654FE19B-1DC7-40A5-B10C-A13DD9E6FE0A} => pcalua.exe -a "C:\Program Files (x86)\DVD Decrypter\uninstall.exe"
    Task: {9E74039B-06D5-416A-824D-22D9ECB06487} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
    Task: {A2EC414C-E5DD-42C9-9448-88A454CE5BEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.)
    Task: {E137A48F-2D24-4B2D-8AF3-028AEC6E666F} - System32\Tasks\{C83149D9-3B25-40F8-A511-EB5134F500D8} => pcalua.exe -a C:\Users\dferrier\Downloads\VirtualBox-4.2.4-81684-Win.exe -d C:\Users\dferrier\Downloads
    Task: {FC82BDAF-6BD2-4451-B3B2-2A0EC62F1BEB} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-04-28 21:13 - 2009-08-13 15:39 - 00558592 _____ () C:\Windows\System32\portmon.dll
    2011-12-30 03:00 - 2011-07-20 07:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2015-01-27 21:56 - 2015-01-23 04:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2015-02-06 13:34 - 2015-02-06 13:34 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:FD268286
    AlternateDataStreams: C:\Users\dferrier\Local Settings:hgG9kL1aRShvqwpjBi0UEZq
    AlternateDataStreams: C:\Users\dferrier\AppData\Local:hgG9kL1aRShvqwpjBi0UEZq
    AlternateDataStreams: C:\Users\dferrier\AppData\Local\Application Data:hgG9kL1aRShvqwpjBi0UEZq
    AlternateDataStreams: C:\Users\dferrier\AppData\Local\Temporary Internet Files:6pduhxTJUR4gEXQDCS1IFTAFTRa

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\Control Panel\Desktop\\Wallpaper ->

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
    MSCONFIG\Services: ColorMunkiService => 2
    MSCONFIG\Services: DAZContentManagementService => 2
    MSCONFIG\Services: DellDigitalDelivery => 2
    MSCONFIG\Services: Garmin Core Update Service => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MyWiFiDHCPDNS => 3
    MSCONFIG\Services: NAUpdate => 2
    MSCONFIG\Services: nlsX86cc => 2
    MSCONFIG\Services: NOBU => 2
    MSCONFIG\Services: NvNetworkService => 2
    MSCONFIG\Services: NvStreamSvc => 2
    MSCONFIG\Services: RichVideo => 2
    MSCONFIG\Services: RichVideo64 => 2
    MSCONFIG\Services: RoxMediaDB12OEM => 3
    MSCONFIG\Services: RoxWatch12 => 2
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: xritedeviced => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Check for Updates.lnk => C:\Windows\pss\Check for Updates.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ColorMunki Gamma.lnk => C:\Windows\pss\ColorMunki Gamma.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ColorMunkiPhotoTray.exe.lnk => C:\Windows\pss\ColorMunkiPhotoTray.exe.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^dferrier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
    MSCONFIG\startupfolder: C:^Users^dferrier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
    MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: ANT Agent => C:\Garmin\ANT_Agent\ANT Agent.exe
    MSCONFIG\startupreg: APSDaemon => "c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
    MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe"
    MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    MSCONFIG\startupreg: CTMasterOnOffMonitor => Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: FATrayAlert => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    MSCONFIG\startupreg: PDVD9LanguageShortcut => "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    MSCONFIG\startupreg: RemoteControl9 => "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: tlbHost => C:\Program Files\TrueLaunchBar\tlbHost.exe
    MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
    MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== Accounts: =============================

    803A803403B745EB9174 (S-1-5-21-4216624398-3978261930-1395381454-1009 - Limited - Enabled)
    Administrator (S-1-5-21-4216624398-3978261930-1395381454-500 - Administrator - Disabled)
    dferrier (S-1-5-21-4216624398-3978261930-1395381454-1001 - Administrator - Enabled) => C:\Users\dferrier
    EF70537B3DBC4BCB9316 (S-1-5-21-4216624398-3978261930-1395381454-1005 - Limited - Enabled)
    Guest (S-1-5-21-4216624398-3978261930-1395381454-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4216624398-3978261930-1395381454-1003 - Limited - Enabled)
    UpdatusUser (S-1-5-21-4216624398-3978261930-1395381454-1011 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    Name: Integrated Webcam
    Description: Integrated Webcam
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Quanta Computer Inc.
    Service: usbvideo
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
    Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: NVIDIA
    Service: nvvad_WaveExtensible
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

    Name: Logitech Cordless Device
    Description: Logitech Cordless Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Logitech Cordless Device
    Description: Logitech Cordless Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: ArcCtrl
    Description: ArcCtrl
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ArcCtrl
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: bdfree
    Description: bdfree
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: bdfree
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Logitech Cordless Device
    Description: Logitech Cordless Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Sentinel64
    Description: Sentinel64
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: Sentinel64
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Logitech Cordless Device
    Description: Logitech Cordless Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-08 19:02:17.113
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-08 19:02:17.081
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-07 08:13:30.712
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-07 08:13:30.659
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-06 10:01:06.476
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-06 10:01:06.430
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-04 11:51:37.268
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-04 11:51:36.972
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-04 10:38:10.807
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-04 10:38:10.761
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2860QM CPU @ 2.50GHz
    Percentage of memory in use: 27%
    Total physical RAM: 8086.17 MB
    Available physical RAM: 5827.11 MB
    Total Pagefile: 16170.52 MB
    Available Pagefile: 13844.73 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:679 GB) (Free:33.52 GB) NTFS
    Drive m: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:15.2 GB) NTFS
    Drive y: () (Network) (Total:232.88 GB) (Free:31.25 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 07F2837E)
    Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
    Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 6 (Size: 298.1 GB) (Disk ID: A4B57300)
    Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  11. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
    Ran by dferrier at 2015-02-08 22:27:27 Run:1
    Running from C:\Users\dferrier\Desktop
    Loaded Profiles: dferrier & UpdatusUser (Available profiles: dferrier & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001 -> {AEB95F29-2B35-4AD8-BA17-7A8CFA3C36F3} URL =
    SearchScopes: HKU\S-1-5-21-4216624398-3978261930-1395381454-1011 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
    FF Plugin HKU\S-1-5-21-4216624398-3978261930-1395381454-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
    S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
    U3 agof5cax; C:\Windows\System32\Drivers\agof5cax.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
    S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
    S2 bdfree; \??\C:\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys [X]
    S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S4 NVHDA; system32\drivers\nvhda64v.sys [X]
    S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
    S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
    C:\Windows\System32\Drivers\agof5cax.sys
    2012-02-05 15:52 - 2008-03-19 15:50 - 0097280 _____ () C:\Program Files (x86)\Common Files\pcsbClean.exe
    2012-02-05 15:52 - 2008-03-06 19:31 - 0134656 _____ () C:\Program Files (x86)\Common Files\PCSBoff.exe
    2012-10-14 23:12 - 2014-10-17 09:36 - 0000132 _____ () C:\Users\dferrier\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2013-05-27 20:38 - 2014-01-11 09:50 - 0000132 _____ () C:\Users\dferrier\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2012-12-18 18:08 - 2012-12-18 18:08 - 0000642 _____ () C:\Users\dferrier\AppData\Roaming\Contact Sheet II.xml
    2012-12-18 18:08 - 2012-12-18 18:08 - 0006094 _____ () C:\Users\dferrier\AppData\Roaming\ContactSheetII.log
    2012-07-14 18:02 - 2012-07-14 18:02 - 0167750 _____ () C:\Users\dferrier\AppData\Roaming\EDLManager_Install.log
    2012-09-07 19:45 - 2015-01-29 15:09 - 0000120 _____ () C:\Users\dferrier\AppData\Roaming\FixVTS.ini
    2012-03-03 06:16 - 2015-01-28 17:06 - 0023142 _____ () C:\Users\dferrier\AppData\Roaming\LT2.MTBF.txt
    2012-06-25 23:02 - 2012-07-17 21:17 - 9895874 _____ () C:\Users\dferrier\AppData\Roaming\MediaComposer_Install.log
    2012-01-11 22:29 - 2012-01-11 22:29 - 0000268 ___RH () C:\Users\dferrier\AppData\Roaming\Tribal Masks
    2012-09-05 14:29 - 2015-01-28 17:18 - 0000455 _____ () C:\Users\dferrier\AppData\Roaming\__AvidCloudManager.log
    2012-09-05 14:29 - 2014-12-11 14:37 - 0000902 _____ () C:\Users\dferrier\AppData\Roaming\__AvidCloudManagerPrevious.log
    2012-01-11 17:22 - 2014-10-10 05:30 - 0034816 _____ () C:\Users\dferrier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-01-26 16:02 - 2014-05-13 12:42 - 0000600 _____ () C:\Users\dferrier\AppData\Local\PUTTY.RND
    2013-12-02 19:52 - 2013-12-02 19:52 - 0009632 _____ () C:\Users\dferrier\AppData\Local\recently-used.xbel
    2012-07-05 11:21 - 2012-07-05 11:21 - 0007609 _____ () C:\Users\dferrier\AppData\Local\Resmon.ResmonCfg
    2013-10-04 17:06 - 2013-10-04 17:06 - 0005079 _____ () C:\ProgramData\aqcazbcx.mca
    2014-07-07 15:42 - 2014-10-24 13:06 - 6696936 _____ (Dell ) C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe
    2014-12-13 19:12 - 2014-12-13 19:12 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2014-12-11 08:47 - 2014-12-11 08:47 - 0000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    2012-01-11 22:28 - 2012-01-16 20:23 - 0000020 ____H () C:\ProgramData\PKP_DLdy.DAT
    2012-01-11 22:29 - 2012-01-11 22:29 - 0000268 ___RH () C:\ProgramData\User Loops
    2013-09-27 16:42 - 2013-09-27 16:42 - 0005086 _____ () C:\ProgramData\zscupymp.kxv
    2012-05-31 14:05 - 2012-08-01 20:40 - 0000340 _____ () C:\ProgramData\__FileUploader.log
    C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe
    C:\Users\dferrier\key_workshop.dat
    C:\Users\dferrier\AppData\Local\Temp\Quarantine.exe
    C:\Users\dferrier\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-4216624398-3978261930-1395381454-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
    AlternateDataStreams: C:\ProgramData\Temp:FD268286
    AlternateDataStreams: C:\Users\dferrier\Local Settings:hgG9kL1aRShvqwpjBi0UEZq
    AlternateDataStreams: C:\Users\dferrier\AppData\Local:hgG9kL1aRShvqwpjBi0UEZq
    AlternateDataStreams: C:\Users\dferrier\AppData\Local\Application Data:hgG9kL1aRShvqwpjBi0UEZq
    AlternateDataStreams: C:\Users\dferrier\AppData\Local\Temporary Internet Files:6pduhxTJUR4gEXQDCS1IFTAFTRa

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AEB95F29-2B35-4AD8-BA17-7A8CFA3C36F3}" => Key deleted successfully.
    HKCR\CLSID\{AEB95F29-2B35-4AD8-BA17-7A8CFA3C36F3} => Key not found.
    HKU\S-1-5-21-4216624398-3978261930-1395381454-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
    "HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => Key deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect" => Key deleted successfully.
    "HKU\S-1-5-21-4216624398-3978261930-1395381454-1001\Software\MozillaPlugins\wacom.com/WacomTabletPlugin" => Key deleted successfully.
    C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll not found.
    ADExchange => Service deleted successfully.
    agof5cax => Service deleted successfully.
    ArcCtrl => Service deleted successfully.
    bdfree => Service deleted successfully.
    BTCFilterService => Service deleted successfully.
    catchme => Service deleted successfully.
    CtClsFlt => Service deleted successfully.
    EagleX64 => Service deleted successfully.
    motccgp => Service deleted successfully.
    motccgpfl => Service deleted successfully.
    MotoSwitchService => Service deleted successfully.
    Motousbnet => Service deleted successfully.
    motusbdevice => Service deleted successfully.
    NVHDA => Service deleted successfully.
    NvStreamKms => Service deleted successfully.
    nvvad_WaveExtensible => Service deleted successfully.
    VBoxNetFlt => Service deleted successfully.
    VGPU => Service deleted successfully.
    WacHidRouter => Service deleted successfully.
    wacomrouterfilter => Service deleted successfully.
    Could not move "C:\Windows\System32\Drivers\agof5cax.sys" => Scheduled to move on reboot.
    C:\Program Files (x86)\Common Files\pcsbClean.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\PCSBoff.exe => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\Adobe GIF Format CS6 Prefs => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\Adobe PNG Format CS6 Prefs => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\Contact Sheet II.xml => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\ContactSheetII.log => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\EDLManager_Install.log => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\FixVTS.ini => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\LT2.MTBF.txt => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\MediaComposer_Install.log => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\Tribal Masks => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\__AvidCloudManager.log => Moved successfully.
    C:\Users\dferrier\AppData\Roaming\__AvidCloudManagerPrevious.log => Moved successfully.
    C:\Users\dferrier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\dferrier\AppData\Local\PUTTY.RND => Moved successfully.
    C:\Users\dferrier\AppData\Local\recently-used.xbel => Moved successfully.
    C:\Users\dferrier\AppData\Local\Resmon.ResmonCfg => Moved successfully.
    C:\ProgramData\aqcazbcx.mca => Moved successfully.
    C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe => Moved successfully.
    C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => Moved successfully.
    C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc => Moved successfully.
    C:\ProgramData\PKP_DLdy.DAT => Moved successfully.
    C:\ProgramData\User Loops => Moved successfully.
    C:\ProgramData\zscupymp.kxv => Moved successfully.
    C:\ProgramData\__FileUploader.log => Moved successfully.
    "C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe" => File/Directory not found.
    C:\Users\dferrier\key_workshop.dat => Moved successfully.
    C:\Users\dferrier\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\dferrier\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-4216624398-3978261930-1395381454-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}" => Key deleted successfully.
    C:\ProgramData\Temp => ":FD268286" ADS removed successfully.
    "C:\Users\dferrier\Local Settings" => ":hgG9kL1aRShvqwpjBi0UEZq" ADS not found.
    C:\Users\dferrier\AppData\Local => ":hgG9kL1aRShvqwpjBi0UEZq" ADS removed successfully.
    "C:\Users\dferrier\AppData\Local\Application Data" => ":hgG9kL1aRShvqwpjBi0UEZq" ADS not found.
    "C:\Users\dferrier\AppData\Local\Temporary Internet Files" => ":6pduhxTJUR4gEXQDCS1IFTAFTRa" ADS not found.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-08 22:30:54)<=

    C:\Windows\System32\Drivers\agof5cax.sys => Is moved successfully.

    ==== End of Fixlog 22:30:54 ====
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  13. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.96
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 71
    Java version 32-bit out of Date!
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader XI
    Mozilla Firefox (35.0.1)
    Google Chrome 31.0.1650.57 Google Chrome out of date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     
  14. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    Sophos did not find anything.

    I notice that the security report says that chrome is out of date. However I do not see it installed anywhere on my pc.
     
  15. Dale Ferrier

    Dale Ferrier TS Rookie Topic Starter

    By the way, are there any recommendations for virus/malware software that might have prevented this?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    There is no perfect security program.
    A lot depends on your computing habits.
    You'll find some hints toward the end of this reply.

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    You only need to update 32-bit version. 64-bit version is up to date.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    ===================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    The issue seems to be resolved.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...