TechSpot

Trying to fix secure.imd-cdn.mediaplex.com errors

By Erik Westlake
Sep 23, 2015

  1. Below is the FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
    Ran by ewest (administrator) on EW7 (23-09-2015 08:00:09)
    Running from E:\Downloads
    Loaded Profiles: ewest & (Available Profiles: ewest & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Windows\System32\nvwmi64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Windows\System32\nvwmi64.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    (Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Dropbox, Inc.) C:\Users\ewest\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Martin Prikryl) E:\WinSCP\WinSCP.exe
    (Dominik Reichl) W:\Personal\Programs\KeePass\KeePass.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
    (Sage Software Canada Ltd.) \\HABONDIA\GJCWIN\sbbwin.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\ZipSendService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
    HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
    HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
    HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Run: [Dropbox Update] => C:\Users\ewest\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\ewest\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
    Lsa: [Notification Packages] DPPassFilter scecli
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
    Startup: C:\Users\ewest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-25]
    ShortcutTarget: Dropbox.lnk -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    ProxyServer: [S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => 190.78.244.181:8080
    ProxyServer: [S-1-5-21-2240542705-1553090855-234189918-1103] => 61.15.172.105:8088
    ProxyServer: [S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => 61.15.172.105:8088
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{8A3AD018-E44D-4C7F-BF43-742F77CA9267}: [NameServer] 192.168.200.4,192.168.200.9
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM13/31
    HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM13/31
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM13/31
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM13/31
    HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM13/31
    HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPCOM13/31
    HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM13/31
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchTerms}&l=dis&o=CMDTDF
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
    SearchScopes: HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchTerms}&l=dis&o=CMDTDF
    SearchScopes: HKU\S-1-5-21-2240542705-1553090855-234189918-1103 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchTerms}&l=dis&o=CMDTDF
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-08-07] (Hewlett-Packard)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP8EP5-10049/support/ieatgpc1.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    FireFox:
    ========
    FF ProfilePath: C:\Users\ewest\AppData\Roaming\Mozilla\Firefox\Profiles\0ttxt0vf.default
    FF NewTab: about:blank
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF SelectedSearchEngine: Web Search
    FF Homepage: hxxps://www.google.ca/
    hxxps://ca-mg6.mail.yahoo.com/neo/launch?.rand=e6u3fn8mpaqn3#3736
    hxxps://www.facebook.com/
    hxxps://www.paypal.com/myaccount/home
    hxxps://www.youtube.com/watch?v=ebXbLfLACGM&list=PLfOry4fs_49duma-SBXtUnYO4UKiOJD4M&index=29
    FF NetworkProxy: "http", "46.10.161.13"
    FF NetworkProxy: "http_port", 8088
    FF NetworkProxy: "socks_version", 4
    FF NetworkProxy: "type", 2
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-20] ()
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-31] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-20] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-08-04] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-08-04] (NVIDIA Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2240542705-1553090855-234189918-1103: @citrixonline.com/appdetectorplugin -> C:\Users\ewest\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-24] (Citrix Online)
    FF Plugin HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\ewest\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-24] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-04-30] (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\ewest\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-30] (Cisco WebEx LLC)
    FF Extension: Firebug - C:\Users\ewest\AppData\Roaming\Mozilla\Firefox\Profiles\0ttxt0vf.default\Extensions\firebug@software.joehewitt.com.xpi [2014-09-04]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-28]
    FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
    FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-06-18]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-09]
    ==================== Services (Whitelisted) ========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
    S4 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477088 2012-09-04] (Hewlett-Packard Company)
    R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-06-19] (Macrovision Europe Ltd.) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S4 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-06-01] () [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2694432 2014-08-04] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-03-29] (Realtek Semiconductor)
    R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2122224 2013-06-06] (GlavSoft LLC.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    ===================== Drivers (Whitelisted) ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
    R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-05] (Disc Soft Ltd)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S4 LMIRfsClientNP; no ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-09-23] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
    R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-06-01] (McAfee, Inc.)
    R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-06-01] (McAfee, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-06-18] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [24064 2013-06-30] (Shrew Soft Inc) [File not signed]
    S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2013-06-30] (Shrew Soft Inc) [File not signed]
    S3 IFCoEMP; \SystemRoot\system32\drivers\ifM60x64.sys [X]
    S3 IFCoEVB; \SystemRoot\system32\drivers\ifP60X64.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-09-23 07:49 - 2015-09-23 08:00 - 00000000 ____D C:\FRST
    2015-09-17 14:32 - 2015-09-22 15:27 - 00079664 _____ C:\Users\ewest\Documents\Charlock-Castle.xlsx
    2015-09-08 14:24 - 2015-09-08 14:24 - 00000000 ____D C:\Users\ewest\Downloads\pix
    2015-09-03 21:18 - 2015-09-03 21:18 - 00000000 ____D C:\Users\ewest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-09-03 13:15 - 2015-09-03 13:15 - 00000000 ____D C:\Windows\system32\EventProviders
    2015-09-03 12:48 - 2015-09-03 13:13 - 2048196608 _____ C:\Users\ewest\Downloads\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
    2015-08-28 07:15 - 2015-08-28 15:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-08-27 07:48 - 2015-08-27 07:48 - 00000000 ____D C:\Users\ewest\AppData\Roaming\Sun
    2015-08-27 07:48 - 2015-08-27 07:48 - 00000000 ____D C:\Users\ewest\.oracle_jre_usage
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-09-23 07:46 - 2014-08-01 07:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-09-23 07:42 - 2015-06-24 10:16 - 00000586 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2240542705-1553090855-234189918-1103.job
    2015-09-23 07:38 - 2013-06-19 07:09 - 00000144 _____ C:\Windows\system32\config\netlogon.ftl
    2015-09-23 07:37 - 2013-06-19 07:00 - 01355597 _____ C:\Windows\WindowsUpdate.log
    2015-09-23 07:27 - 2013-06-19 11:52 - 00000000 ____D C:\Users\ewest\AppData\Roaming\Skype
    2015-09-23 07:17 - 2015-06-24 10:16 - 00000682 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2240542705-1553090855-234189918-1103.job
    2015-09-23 07:05 - 2015-06-18 14:53 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2240542705-1553090855-234189918-1103UA.job
    2015-09-23 07:03 - 2013-07-29 10:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-09-23 03:22 - 2009-07-14 00:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-09-23 03:22 - 2009-07-14 00:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-09-23 00:04 - 2015-06-18 14:53 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2240542705-1553090855-234189918-1103Core.job
    2015-09-22 15:14 - 2014-03-06 10:41 - 00000000 ____D C:\Users\ewest\AppData\Local\CrashDumps
    2015-09-22 12:39 - 2013-06-19 11:16 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2752C6FE-9792-428A-8115-8529626924DF}
    2015-09-22 08:16 - 2013-06-19 13:38 - 00000379 _____ C:\Windows\JONAS.INI
    2015-09-21 10:15 - 2013-06-20 07:41 - 00002280 ____H C:\Users\ewest\Documents\Default.rdp
    2015-09-21 10:13 - 2013-06-20 11:10 - 00000000 ____D C:\TEMP
    2015-09-19 13:00 - 2014-08-16 12:31 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForewest
    2015-09-19 13:00 - 2014-08-16 12:31 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForewest.job
    2015-09-18 23:30 - 2015-06-24 10:16 - 00003722 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2240542705-1553090855-234189918-1103
    2015-09-18 23:30 - 2015-06-24 10:16 - 00003626 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2240542705-1553090855-234189918-1103
    2015-09-17 14:37 - 2013-06-20 12:18 - 00000600 _____ C:\Users\ewest\AppData\Local\PUTTY.RND
    2015-09-17 09:04 - 2013-06-20 12:18 - 00000600 _____ C:\Users\ewest\AppData\Roaming\winscp.rnd
    2015-09-17 08:25 - 2015-06-02 07:57 - 00000000 ____D C:\Users\ewest\AppData\Local\Pokemon Showdown
    2015-09-16 14:54 - 2014-04-30 14:39 - 00000000 ____D C:\Users\ewest\AppData\Roaming\.minecraft
    2015-09-16 09:08 - 2013-06-19 12:35 - 00000000 ____D C:\Users\ewest\AppData\Roaming\Azureus
    2015-09-14 07:43 - 2013-06-19 10:18 - 00058880 _____ C:\Users\ewest\Desktop\TimeSheets.xls
    2015-09-12 12:53 - 2013-06-21 06:48 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-09-09 14:07 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
    2015-09-09 12:52 - 2013-07-16 10:28 - 00000000 ____D C:\Users\ewest\AppData\Roaming\VMware
    2015-09-03 21:18 - 2013-06-19 12:51 - 00000000 ____D C:\Users\ewest\AppData\Roaming\Dropbox
    2015-08-31 13:10 - 2013-06-19 12:35 - 00000000 ____D C:\Program Files\Vuze
    2015-08-27 08:37 - 2013-12-08 11:20 - 00000000 ____D C:\ProgramData\Oracle
    2015-08-27 07:49 - 2013-12-08 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-08-27 07:49 - 2013-07-29 09:56 - 00000000 ____D C:\Program Files (x86)\Java
    2015-08-27 07:48 - 2014-01-20 08:51 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-08-27 07:48 - 2013-06-19 11:16 - 00000000 ____D C:\Users\ewest
    ==================== Files in the root of some directories =======
    2014-07-07 14:11 - 2014-07-07 14:11 - 0000034 _____ () C:\Users\ewest\AppData\Roaming\AdobeWLCMCache.dat
    2013-11-20 12:56 - 2013-11-20 12:58 - 0022099 _____ () C:\Users\ewest\AppData\Roaming\Comma Separated Values (DOS).ADR
    2015-03-03 14:07 - 2015-03-03 14:07 - 0000042 _____ () C:\Users\ewest\AppData\Roaming\JONAS.INI
    2013-11-27 09:03 - 2013-11-27 09:03 - 0038458 _____ () C:\Users\ewest\AppData\Roaming\Microsoft Excel 97-2003.ADR
    2013-06-27 14:04 - 2012-08-24 01:36 - 0004096 _____ () C:\Users\ewest\AppData\Roaming\serverdb.rsd
    2014-02-12 15:48 - 2014-02-12 15:48 - 0000100 _____ () C:\Users\ewest\AppData\Roaming\settings.xml
    2013-06-27 14:03 - 2013-06-27 14:05 - 0000280 _____ () C:\Users\ewest\AppData\Roaming\Ultima Mapper Server.xml
    2013-06-20 12:18 - 2015-09-17 09:04 - 0000600 _____ () C:\Users\ewest\AppData\Roaming\winscp.rnd
    2014-04-15 11:46 - 2014-04-15 11:46 - 0004096 ____H () C:\Users\ewest\AppData\Local\keyfile3.drm
    2013-06-20 12:18 - 2015-09-17 14:37 - 0000600 _____ () C:\Users\ewest\AppData\Local\PUTTY.RND
    2013-12-12 12:27 - 2013-12-12 12:27 - 0000017 _____ () C:\Users\ewest\AppData\Local\resmon.resmoncfg
    2014-10-04 12:27 - 2014-10-11 12:29 - 0089484 _____ () C:\ProgramData\hpcsmmsilogs.log
    Some files in TEMP:
    ====================
    C:\Users\ewest\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpssyd2n.dll
    C:\Users\ewest\AppData\Local\Temp\i4jdel0.exe
    C:\Users\ewest\AppData\Local\Temp\IntResource.dll
    C:\Users\ewest\AppData\Local\Temp\jre-8u60-windows-au.exe
    ==================== Bamital & volsnap =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2015-09-21 00:25
    ==================== End of FRST.txt ============================
     
  2. Erik Westlake, TS Rookie, Topic Starter

    Addition.txt content
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
    Ran by ewest (2015-09-23 08:00:24)
    Running from E:\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2013-06-19 11:02:57)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1805343978-2917940140-3893092417-500 - Administrator - Disabled)
    Guest (S-1-5-21-1805343978-2917940140-3893092417-501 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    "Nero SoundTrax Help (x32 Version: 4.0.15.0 - Nero AG) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    AcornPipe 8.572 (HKLM-x32\...\AcornPipe_8.0) (Version: 8.572 - Acorn Pipe Systems Inc.)
    Activation (Nero 9) (HKLM-x32\...\{7ba56743-96bb-4169-9f0a-557e0fe0e1aa}) (Version: - Nero AG)
    Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
    Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
    Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk)
    Bitcoin (HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
    Bitcoin (HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
    Bitcoin (HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
    Bitcoin Core (64-bit) (HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Bitcoin Core (64-bit)) (Version: 0.9.2 - Bitcoin Core project)
    Bitcoin Core (64-bit) (HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Bitcoin Core (64-bit)) (Version: 0.9.2 - Bitcoin Core project)
    Cisco Configuration Professional (HKLM-x32\...\{29342492-9F4F-4089-866A-10D801B610FD}) (Version: 2.5 - Cisco Systems)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{8A16C63D-027A-4645-B394-C033665D0195}) (Version: 1.0.325 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
    Design Your Own Forms (HKLM-x32\...\{178E737B-0C34-4630-A3E3-0C103E4898B5}) (Version: 1.4.400 - Jonas Software)
    Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    D-Link SmartConsole Utility (HKLM-x32\...\{B562C735-BAB2-473D-AF3C-80D1C8284020}) (Version: 2.10.02 - D-Link)
    Dogecoin Core (64-bit) (HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Dogecoin Core (64-bit)) (Version: 1.8.0 - Dogecoin project)
    Dogecoin Core (64-bit) (HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dogecoin Core (64-bit)) (Version: 1.8.0 - Dogecoin project)
    DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
    Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.38.31665 - Hewlett-Packard Company)
    Dropbox (HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.2.13 - Dropbox, Inc.)
    Dropbox (HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
    Dropbox (HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
    DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden
    EPISUITE SDK (HKLM-x32\...\{FB37C1A7-9F70-4056-812F-41AC8D436AE1}) (Version: 5.0 - G&A Imaging Ltd)
    File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.2.2 - Hewlett-Packard Company)
    GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)
    GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
    IceChat 9.0 (Build 20140925) (HKLM\...\IceChat9_is1) (Version: 9.00 - IceChat Networks)
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
    Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Jonas Club Help (HKLM-x32\...\{05C9F679-A686-45DB-9363-4088FCDAE1C4}) (Version: 1.0.0 - Jonas Software)
    JonasPDFConvertor (HKLM\...\JonasPDFConvertor) (Version: - )
    K-Lite Codec Pack 4.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.0.0 - )
    Litecoin (HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\Litecoin) (Version: 0.8.7.2 - Litecoin project)
    Litecoin (HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Litecoin) (Version: 0.8.7.2 - Litecoin project)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
    Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    mp3-2-wav converter 1.14 (HKLM-x32\...\mp3-2-wav) (Version: - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    Nero 9 (HKLM-x32\...\{24174ed3-5156-4c5a-badb-e3d3d2f7d474}) (Version: - Nero AG)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 340.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.66 - NVIDIA Corporation)
    NVIDIA Graphics Driver 340.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.66 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation)
    NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown")
    Pokémon Trading Card Game Online (HKLM-x32\...\{E46A5439-C642-43B5-A639-107662FF9A49}) (Version: 2.25.0 - The Pokémon Company International)
    PPCoin (HKU\S-1-5-21-2240542705-1553090855-234189918-1103\...\PPCoin) (Version: 0.4.0 - PPCoin project)
    PPCoin (HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PPCoin) (Version: 0.4.0 - PPCoin project)
    Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.862 - Hewlett-Packard Company)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    SoundTrax (x32 Version: 4.0.18.0 - Nero AG) Hidden
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
    The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version: - Bethesda Softworks)
    Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
    Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
    TightVNC (HKLM\...\{49195D89-1266-4E6A-A9CD-D5FB2B949774}) (Version: 2.7.7.0 - GlavSoft LLC.)
    Tournament Operations Manager (HKLM-x32\...\{B486F783-DD2F-4F18-B570-79F8C4E84AD4}) (Version: 1.45 - The Pokémon Company International)
    TreeSize Free V2.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.5 - JAM Software)
    Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
    Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version: - Electronic Arts)
    UOS version 1.0.5 (HKLM-x32\...\{FC6804BE-B90F-4C2B-BF21-6A4063C8FD4C}_is1) (Version: 1.0.5 - UOS, Team.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VIP Access SDK (1.1.0.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.2 - Symantec Inc.)
    VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.14766 - VMware, Inc.)
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.0.0.0 - Azureus Software, Inc.)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
    Wise Registry Cleaner 8.52 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.52 - WiseCleaner.com, Inc.)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2014\en-US\dwgviewrficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2014\dwgviewr.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ewest\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2014\en-US\dwgviewrficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2014\dwgviewr.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ewest\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2240542705-1553090855-234189918-1103_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\ewest\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
    ==================== Restore Points =========================
    21-08-2015 20:00:16 Windows Backup
    24-08-2015 02:05:25 Windows Update
    27-08-2015 09:32:08 Windows Update
    28-08-2015 20:00:17 Windows Backup
    31-08-2015 02:05:44 Windows Update
    03-09-2015 09:31:58 Windows Update
    04-09-2015 20:00:15 Windows Backup
    07-09-2015 02:05:20 Windows Update
    10-09-2015 09:31:30 Windows Update
    11-09-2015 20:00:15 Windows Backup
    14-09-2015 02:05:32 Windows Update
    17-09-2015 09:31:15 Windows Update
    18-09-2015 20:00:15 Windows Backup
    21-09-2015 02:05:22 Windows Update
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 22:34 - 2014-09-24 10:00 - 00000873 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {014832FC-A808-48B2-8479-4F9F705E0787} - System32\Tasks\G2MUploadTask-S-1-5-21-2240542705-1553090855-234189918-1103 => C:\Users\ewest\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {22B20B33-3744-4151-8733-30BE77FD0E69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {24931B3C-D532-4C01-A6C0-56961A705705} - System32\Tasks\{901D8223-5B04-40F1-80C1-90A2DFD018D1} => pcalua.exe -a W:\Music\MP32WAV.exe -d W:\Music
    Task: {39C48602-F5C2-4A54-BCCB-CF8F30B3DEA2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2240542705-1553090855-234189918-1103UA => C:\Users\ewest\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
    Task: {4EA537BD-6EC9-44DE-B9ED-1E039876F039} - System32\Tasks\G2MUpdateTask-S-1-5-21-2240542705-1553090855-234189918-1103 => C:\Users\ewest\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {551FB60C-EFD0-4504-87EA-5C663DEC36B3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2240542705-1553090855-234189918-1103Core => C:\Users\ewest\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
    Task: {5D473991-8CCE-4E52-930F-937E3CC56AFF} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-02-17] ()
    Task: {7BD4F903-93D2-42BA-9F66-55AF11A4A967} - System32\Tasks\HPCeeScheduleForewest => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {7E1B8D11-84A1-4A1A-A8AE-BF381838B9DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {90BC13C6-584A-4E51-938D-A899132F95A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {C154777D-894F-42F5-BB29-2664CF4942F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-20] (Adobe Systems Incorporated)
    Task: {CCE15D91-4DA0-4698-A3E2-FB7F24C4BD86} - System32\Tasks\{CD1631E8-CACB-4019-851F-F434A6D391E1} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{90F523EB-47C3-479E-A8C8-1999F70147A4}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2240542705-1553090855-234189918-1103Core.job => C:\Users\ewest\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2240542705-1553090855-234189918-1103UA.job => C:\Users\ewest\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2240542705-1553090855-234189918-1103.job => C:\Users\ewest\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2240542705-1553090855-234189918-1103.job => C:\Users\ewest\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForewest.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    ==================== Loaded Modules (Whitelisted) ==============
    2014-08-21 08:55 - 2014-08-04 15:17 - 02694432 _____ () C:\Windows\system32\nvwmi64.exe
    2012-06-01 19:55 - 2012-06-01 19:55 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
    2012-06-01 19:13 - 2012-06-01 19:13 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
    2013-06-20 14:28 - 2008-07-19 16:26 - 00087040 _____ () C:\Windows\System32\custmon64.dll
    2014-08-21 08:54 - 2014-08-04 13:57 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2010-04-12 04:04 - 2013-01-17 22:22 - 01054208 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\Rica4dUR.dll
    2014-08-21 08:55 - 2014-08-04 15:17 - 00711456 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
    2013-06-18 20:40 - 2012-02-21 16:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2015-09-03 21:18 - 2015-09-03 21:18 - 00071168 _____ () c:\Users\ewest\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpssyd2n.dll
    2015-03-04 17:45 - 2015-08-05 01:26 - 00012800 _____ () C:\Users\ewest\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-03-04 17:45 - 2015-08-05 01:26 - 00779776 _____ () C:\Users\ewest\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-07-28 20:05 - 2015-08-05 01:26 - 00056320 _____ () C:\Users\ewest\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-03-04 17:45 - 2015-08-05 01:26 - 00012288 _____ () C:\Users\ewest\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
    2015-06-18 14:53 - 2015-08-05 01:25 - 00056320 _____ () C:\Users\ewest\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-06-18 14:53 - 2015-08-05 01:25 - 01128448 _____ () C:\Users\ewest\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    2011-07-18 17:07 - 2011-07-18 17:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
    2011-09-21 16:46 - 2011-09-21 16:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
    2013-06-20 08:21 - 2013-06-20 08:21 - 00018944 _____ () C:\Windows\assembly\GAC_MSIL\RoboHelp\1.0.0.0__a0d45ef52db4975f\RoboHelp.dll
    2015-01-08 10:58 - 2015-01-08 10:58 - 00017408 _____ () C:\Program Files (x86)\Jonas Software\Design Your Own Forms\JonasNetHelper.dll
    2013-06-20 08:21 - 2004-02-24 00:00 - 00086016 _____ () C:\GJCWIN\DATA\JMAILOUTLOOK.DLL
    2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    2013-12-06 13:01 - 2013-05-08 03:57 - 02666496 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
    2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    2012-10-18 17:00 - 2012-10-18 17:00 - 00466944 ____R () C:\Program Files\WinZip\adxloader.dll
    2015-09-23 07:59 - 2015-09-23 07:59 - 00139776 _____ () C:\Users\ewest\AppData\Local\Temp\IntResource.dll
    2015-08-20 11:40 - 2015-08-20 11:40 - 17482952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
     
  3. Erik Westlake

    Erik Westlake TS Rookie Topic Starter

    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
    ==================== EXE Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    There are 7864 more restricted sites.
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1805343978-2917940140-3893092417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\erik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103\Control Panel\Desktop\\Wallpaper -> C:\Users\ewest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-2240542705-1553090855-234189918-1103-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ewest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-2240542705-1553090855-234189918-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\administrator.WESTLAKEIND\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.200.4 - 192.168.200.9
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AERTFilters => 2
    MSCONFIG\Services: atashost => 2
    MSCONFIG\Services: FLCDLOCK => 3
    MSCONFIG\Services: HP Support Assistant Service => 2
    MSCONFIG\Services: HPFSService => 2
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: McAfee Endpoint Encryption Agent => 2
    MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: TeamViewer9 => 2
    MSCONFIG\startupfolder: C:^Users^ewest^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: ccApp => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: File Sanitizer => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    MSCONFIG\startupreg: HPSYSDRV => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
    MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
    MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
    MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{678A6226-BE5A-4556-B67C-B654EBCFC83D}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
    FirewallRules: [TCP Query User{18411D73-6788-4D83-8198-A67E790AD0C8}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [UDP Query User{53DC9988-CA9B-484F-9A6B-8841173CBD59}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [{2203E9F3-0B79-4999-B43E-C6EFCF4A4608}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{FFAA9183-45C5-4FA5-B7FC-D1CD08630A74}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{1A5B6E41-B2DF-426A-A388-DE0BE7CB27B1}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{72E4B38E-EBDF-4506-8993-EFDECD5AC663}] => (Allow) C:\Users\ewest\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{24D4B865-8C73-4BCC-9697-17FEE21AC339}] => (Allow) C:\Users\ewest\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{0E264D3F-2B4C-4DC1-8E2E-3188AB92995C}E:\ulmaria\client.exe] => (Allow) E:\ulmaria\client.exe
    FirewallRules: [UDP Query User{A895D6B7-3002-458B-9A3C-8A5E79265B9B}E:\ulmaria\client.exe] => (Allow) E:\ulmaria\client.exe
    FirewallRules: [{DB84400A-C591-48D8-BDB4-767175E27B5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F52BD69A-E0B6-4D76-B568-9F2C31334854}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{5F2D6B96-76D8-4AAF-9219-8503A5E4F5CE}E:\ultima online classic\client.exe] => (Allow) E:\ultima online classic\client.exe
    FirewallRules: [UDP Query User{BEFF8925-8281-4090-9A22-80900038E785}E:\ultima online classic\client.exe] => (Allow) E:\ultima online classic\client.exe
    FirewallRules: [TCP Query User{B40A3D92-3E1C-49FF-B541-C5A2827FCB30}C:\program files (x86)\d-link smartconsole utility\d-link smartconsole utility.exe] => (Allow) C:\program files (x86)\d-link smartconsole utility\d-link smartconsole utility.exe
    FirewallRules: [UDP Query User{209C53B9-A7A7-40A3-ACE9-05CAE4650F87}C:\program files (x86)\d-link smartconsole utility\d-link smartconsole utility.exe] => (Allow) C:\program files (x86)\d-link smartconsole utility\d-link smartconsole utility.exe
    FirewallRules: [{BB83EE64-1159-484B-BE05-BEE0CF8A8362}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    FirewallRules: [{57289527-B5D2-4C99-8F3B-2623390E95E7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    FirewallRules: [{D97C46D6-04AB-4BCD-B4F9-CB58CDD759D9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    FirewallRules: [{D06B79EA-C2F4-4686-873A-AE14FEFDD6FE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    FirewallRules: [{4B09C004-2460-445C-9437-42F0C3397374}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A07BC215-7BCE-4568-A6BF-79C85F4BCA0A}] => (Allow) LPort=2869
    FirewallRules: [{A1FB00E4-3D95-4C96-977A-659AF402BE72}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{77933E69-3CE9-44BA-8491-69E311777858}C:\bitcoin\bitcoin-qt.exe] => (Allow) C:\bitcoin\bitcoin-qt.exe
    FirewallRules: [UDP Query User{A663EDC9-7F8A-462F-A355-7EF76E1562F3}C:\bitcoin\bitcoin-qt.exe] => (Allow) C:\bitcoin\bitcoin-qt.exe
    FirewallRules: [{05C4D137-D158-4F4B-8CA4-437802B16BAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{15CF0CDF-8D4D-43FA-92FE-905C979B7C9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{1B5D5BE9-39E7-45EB-8B59-F2FBE5D146F0}C:\bitcoin\bitcoin-qt.exe] => (Allow) C:\bitcoin\bitcoin-qt.exe
    FirewallRules: [UDP Query User{89FA77C4-50AD-44D7-8FC9-CA9F145ACE4B}C:\bitcoin\bitcoin-qt.exe] => (Allow) C:\bitcoin\bitcoin-qt.exe
    FirewallRules: [TCP Query User{C32DB439-8695-452B-992E-DEA867192D9A}C:\users\ewest\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ewest\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{198DC1EF-8975-4DD1-9BE8-F380C5412F5A}C:\users\ewest\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ewest\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [TCP Query User{30B688DC-AD12-4839-9983-6DA6E3C9BAD1}E:\digitalcoin\digitalcoin-qt.exe] => (Allow) E:\digitalcoin\digitalcoin-qt.exe
    FirewallRules: [UDP Query User{5FF3F69E-2808-4896-93A1-EBC3515FF41C}E:\digitalcoin\digitalcoin-qt.exe] => (Allow) E:\digitalcoin\digitalcoin-qt.exe
    FirewallRules: [TCP Query User{7C7569C6-D2E6-4B18-A085-DF930E81C124}C:\bitcoin\bitcoin-qt.exe] => (Allow) C:\bitcoin\bitcoin-qt.exe
    FirewallRules: [UDP Query User{E97CD4DB-CCFA-4A8C-8496-357B5A531464}C:\bitcoin\bitcoin-qt.exe] => (Allow) C:\bitcoin\bitcoin-qt.exe
    ==================== Faulty Device Manager Devices =============
    Name: Shrew Soft Lightweight Filter
    Description: Shrew Soft Lightweight Filter
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: vflt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (09/22/2015 03:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
    Faulting module name: NPSWF32_18_0_0_232.dll, version: 18.0.0.232, time stamp: 0x55c42e9b
    Exception code: 0x80000003
    Fault offset: 0x0036331d
    Faulting process id: 0xa304
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Error: (09/22/2015 09:41:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
    Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
    Exception code: 0x80000003
    Fault offset: 0x0000e250
    Faulting process id: 0x3304
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Error: (09/21/2015 07:54:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EXCEL.EXE, version: 12.0.6723.5000, time stamp: 0x5584c8e3
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0d81fba2
    Faulting process id: 0x359c
    Faulting application start time: 0xEXCEL.EXE0
    Faulting application path: EXCEL.EXE1
    Faulting module path: EXCEL.EXE2
    Report Id: EXCEL.EXE3
    Error: (09/17/2015 02:33:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EXCEL.EXE, version: 12.0.6723.5000, time stamp: 0x5584c8e3
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x08cefbf4
    Faulting process id: 0xa0a8
    Faulting application start time: 0xEXCEL.EXE0
    Faulting application path: EXCEL.EXE1
    Faulting module path: EXCEL.EXE2
    Report Id: EXCEL.EXE3
    Error: (09/17/2015 10:39:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program EXCEL.EXE version 12.0.6723.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 688c
    Start Time: 01d0eeec614b5ecf
    Termination Time: 22
    Application Path: C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
    Report Id: ded5acbd-5d49-11e5-b48d-10604b830fc5
    Error: (09/15/2015 07:13:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
    Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
    Exception code: 0x80000003
    Fault offset: 0x0000e250
    Faulting process id: 0x7bc4
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Error: (09/14/2015 09:41:55 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EXCEL.EXE, version: 12.0.6723.5000, time stamp: 0x5584c8e3
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0b54f834
    Faulting process id: 0x688c
    Faulting application start time: 0xEXCEL.EXE0
    Faulting application path: EXCEL.EXE1
    Faulting module path: EXCEL.EXE2
    Report Id: EXCEL.EXE3
    Error: (09/14/2015 09:26:51 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
    Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
    Exception code: 0x80000003
    Fault offset: 0x0000e250
    Faulting process id: 0x4c14
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Error: (09/11/2015 10:24:41 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: EXCEL.EXE, version: 12.0.6723.5000, time stamp: 0x5584c8e3
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0b4bfc7c
    Faulting process id: 0x49cc
    Faulting application start time: 0xEXCEL.EXE0
    Faulting application path: EXCEL.EXE1
    Faulting module path: EXCEL.EXE2
    Report Id: EXCEL.EXE3
    Error: (09/10/2015 09:54:37 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
    Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
    Exception code: 0x80000003
    Fault offset: 0x0000e250
    Faulting process id: 0x514c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    System errors:
    =============
    Error: (09/21/2015 10:13:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The VPRemote Install Bootstrap Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    Error: (09/12/2015 02:06:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.205.2312.0).
    Error: (09/12/2015 02:05:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.205.2284.0
    Update Source: %NT AUTHORITY59
    Update Stage: 4.8.0204.00
    Source Path: 4.8.0204.01
    Signature Type: %NT AUTHORITY602
    Update Type: %NT AUTHORITY604
    User: NT AUTHORITY\SYSTEM
    Current Engine Version: %NT AUTHORITY605
    Previous Engine Version: %NT AUTHORITY606
    Error code: %NT AUTHORITY607
    Error description: %NT AUTHORITY608
    Error: (09/09/2015 02:06:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.205.1937.0).
    Error: (09/09/2015 02:05:52 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.205.1918.0
    Update Source: %NT AUTHORITY59
    Update Stage: 4.8.0204.00
    Source Path: 4.8.0204.01
    Signature Type: %NT AUTHORITY602
    Update Type: %NT AUTHORITY604
    User: NT AUTHORITY\SYSTEM
    Current Engine Version: %NT AUTHORITY605
    Previous Engine Version: %NT AUTHORITY606
    Error code: %NT AUTHORITY607
    Error description: %NT AUTHORITY608
    Error: (09/03/2015 01:16:01 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: WESTLAKEIND)
    Description: Service Pack installation failed with error code 0x800f0a03.
    Error: (08/21/2015 09:32:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.205.58.0
    Update Source: %NT AUTHORITY59
    Update Stage: 4.8.0204.00
    Source Path: 4.8.0204.01
    Signature Type: %NT AUTHORITY602
    Update Type: %NT AUTHORITY604
    User: NT AUTHORITY\SYSTEM
    Current Engine Version: %NT AUTHORITY605
    Previous Engine Version: %NT AUTHORITY606
    Error code: %NT AUTHORITY607
    Error description: %NT AUTHORITY608
    Error: (08/21/2015 09:17:20 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk4\DR4.
    Error: (08/21/2015 09:17:16 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk4\DR4.
    Error: (08/12/2015 09:32:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
    %%5
    CodeIntegrity:
    ===================================
    Date: 2015-08-12 09:20:56.837
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-08-12 09:20:56.806
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-08-05 07:54:05.428
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-08-05 07:54:05.413
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-08-05 07:50:42.020
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-08-05 07:50:42.004
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-06-08 07:48:31.605
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-06-08 07:48:31.574
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-06-01 14:52:01.324
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-06-01 14:52:01.278
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
    Percentage of memory in use: 28%
    Total physical RAM: 32712.52 MB
    Available physical RAM: 23382.33 MB
    Total Virtual: 34758.73 MB
    Available Virtual: 27785.3 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:459.07 GB) (Free:296.54 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:6.49 GB) (Free:0.78 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive e: (Programs) (Fixed) (Total:931.51 GB) (Free:643.04 GB) NTFS
    Drive w: (ERIKSDISK) (Fixed) (Total:298.09 GB) (Free:175.44 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C668CAFB)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=459.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=6.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=101 MB) - (Type=27)
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3F6B0A48)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: CC366CDA)
    Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. Erik Westlake

    Erik Westlake TS Rookie Topic Starter

    I have run all these, and nothing major jumped out, so I took another path and edited my hosts file and put in the following lines:
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mediaplex.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 secure.img-cdn.mediaplex.com

    This has stopped the ads from this company from popping up on websites, thus stopping the pop-ups. It is not an issue with the computer in this case. It ended up being bad code on the other end of the system trying to run.

    Thank you for the quick reply on this, and I hope my reply helps others fix this issue with this Google Advertiser.
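
An added example, not part of the original post: hosts-file entries match whole hostnames only, with no wildcard or parent-domain matching, so it is worth auditing exactly which names a set of entries covers. The parser below and its sample text are constructed for this illustration; the three hostnames checked are the two entries from the post and the spelling in the thread title.

```python
import ipaddress

# Constructed sample: the post's two entries as they would appear inside
# the hosts file itself (address, then name), plus a comment line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 mediaplex.com
127.0.0.1 secure.img-cdn.mediaplex.com   # ad host from the post
"""

def parse_hosts(text):
    """Return {hostname: ip_address} for each valid mapping line."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                              # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an address
        for name in fields[1:]:
            # Keep the first entry seen for a name (a choice made for this example).
            mapping.setdefault(name.lower().rstrip("."), ip)
    return mapping

def is_sinkholed(mapping, hostname):
    """True only if this exact name maps to a loopback or 0.0.0.0-style address."""
    ip = mapping.get(hostname.lower().rstrip("."))
    return ip is not None and (ip.is_loopback or ip.is_unspecified)

def audit(text, hostnames):
    """Map each hostname to whether the hosts text sinkholes it."""
    mapping = parse_hosts(text)
    return {h: is_sinkholed(mapping, h) for h in hostnames}

if __name__ == "__main__":
    # Hostnames taken from this page: the two hosts entries and the thread title.
    names = [
        "mediaplex.com",
        "secure.img-cdn.mediaplex.com",
        "secure.imd-cdn.mediaplex.com",
    ]
    for host, blocked in audit(SAMPLE_HOSTS, names).items():
        print(f"{host:35} {'sinkholed' if blocked else 'NOT covered'}")
```

Any subdomain that is not listed by its exact name, including one that differs by a single letter, is reported as not covered even though mediaplex.com itself is sinkholed.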
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You're very welcome
     
