TechSpot

Windows Vista - Popups/Viruses in the way of everything

By Marie Olgin
Mar 7, 2015
  1. Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/7/2015
    Scan Time: 9:34:35 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.07.03
    Rootkit Database: v2015.02.25.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Marie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 688492
    Time Elapsed: 22 min, 5 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 2
    PUP.Optional.Multiplug, C:\Program Files (x86)\sayescoupon\sayescoupon.dll, Delete-on-Reboot, [ab04da68c3c751e5c0c86dbf29d99d63],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.dll, Delete-on-Reboot, [812e8ab8563445f1b657141bf11126da],

    Registry Keys: 37
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e62009da-412c-458f-8fe0-7bd3741c51c6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\Pe62009da_412c_458f_8fe0_7bd3741c51c6_.Pe62009da_412c_458f_8fe0_7bd3741c51c6_, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\Pe62009da_412c_458f_8fe0_7bd3741c51c6_.Pe62009da_412c_458f_8fe0_7bd3741c51c6_.9, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pe62009da_412c_458f_8fe0_7bd3741c51c6_.Pe62009da_412c_458f_8fe0_7bd3741c51c6_, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pe62009da_412c_458f_8fe0_7bd3741c51c6_.Pe62009da_412c_458f_8fe0_7bd3741c51c6_.9, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\CLSID\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\CLSID\{E62009DA-412C-458F-8FE0-7BD3741C51C6}\INPROCSERVER32, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKU\S-1-5-21-2355649138-3362126530-1860452381-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKU\S-1-5-21-2355649138-3362126530-1860452381-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7223EDAC-E091-B3C1-BD91-B66CE557800F}, Quarantined, [832c3c06a0ea3105968d16f563a048b8],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}, Quarantined, [3778063c840663d330f37794b350ce32],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}, Quarantined, [7837c9790c7e78bec36025e6b54e8779],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}, Quarantined, [2d82162cef9b53e376ade724e61d2ad6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e026910c-80ee-4273-8f0e-098f5d3bbcf8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.9, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.9, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{E026910C-80EE-4273-8F0E-098F5D3BBCF8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2355649138-3362126530-1860452381-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E026910C-80EE-4273-8F0E-098F5D3BBCF8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E026910C-80EE-4273-8F0E-098F5D3BBCF8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E026910C-80EE-4273-8F0E-098F5D3BBCF8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7304C9D1-98AD-55F0-636E-22D8DD57F176}, Quarantined, [b0ff083abfcb9d99d251e12a0003d32d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{51417852-174C-88D4-34A0-D0FE7858BE47}, Quarantined, [cee150f22b5f51e5df4448c3c63d38c8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{74972EDF-A814-4507-8DD0-7A8C56A7DDBF}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CEEAE576-EBDB-4824-929F-273454600785}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB9A7BD0-EE09-427E-AB13-C54EE0C4EF86}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{74972EDF-A814-4507-8DD0-7A8C56A7DDBF}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CEEAE576-EBDB-4824-929F-273454600785}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB9A7BD0-EE09-427E-AB13-C54EE0C4EF86}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.ExtremeBlocker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [6a45ff43ff8b0c2ade69c5cb27dc1fe1],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 3
    PUP.Optional.GboxApp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/, Good: (www.google.com), Bad: (http://search.gboxapp.com/),Replaced,[f3bc62e0c1c9102646914c874db85da3]
    PUP.Optional.GboxApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/, Good: (www.google.com), Bad: (http://search.gboxapp.com/),Replaced,[1a9597ab612951e5c215f4df3dc8d42c]
    PUP.Optional.GboxApp.A, HKU\S-1-5-21-2355649138-3362126530-1860452381-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/, Good: (www.google.com), Bad: (http://search.gboxapp.com/),Replaced,[159a0240761456e020b8def5a46157a9]

    Folders: 2
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NetoCoUpon, Delete-on-Reboot, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.ExtremeBlocker.A, C:\ProgramData\Extreme Blocker, Quarantined, [6a45ff43ff8b0c2ade69c5cb27dc1fe1],

    Files: 26
    PUP.Optional.Multiplug, C:\Program Files (x86)\sayescoupon\sayescoupon.dll, Delete-on-Reboot, [ab04da68c3c751e5c0c86dbf29d99d63],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.dll, Delete-on-Reboot, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.x64.dll, Quarantined, [812e8ab8563445f1b657141bf11126da],
    PUP.Optional.Multiplug, C:\Program Files (x86)\DigiSaaver\DigiSaaver.exe, Quarantined, [832c3c06a0ea3105968d16f563a048b8],
    PUP.Optional.Multiplug, C:\Program Files (x86)\EnnjeoyCOupoenn\EnnjeoyCOupoenn.exe, Quarantined, [3778063c840663d330f37794b350ce32],
    PUP.Optional.Multiplug, C:\Program Files (x86)\Jobisjob Alerts\Jobisjob Alerts.exe, Quarantined, [7837c9790c7e78bec36025e6b54e8779],
    PUP.Optional.Multiplug, C:\Program Files (x86)\JoniCoupOin\JoniCoupOin.exe, Quarantined, [5b54d56d3f4ba88ebc675bb04db615eb],
    PUP.Optional.Multiplug, C:\Program Files (x86)\Omnifinder\Omnifinder.exe, Quarantined, [2d82162cef9b53e376ade724e61d2ad6],
    PUP.Optional.Multiplug, C:\Program Files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.dll, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, C:\Program Files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.x64.dll, Quarantined, [634cf54d850596a04641fb31649e31cf],
    PUP.Optional.Multiplug, C:\Program Files (x86)\SaVeNewwaApppz\SaVeNewwaApppz.exe, Quarantined, [b0ff083abfcb9d99d251e12a0003d32d],
    PUP.Optional.Multiplug, C:\Program Files (x86)\SiteLauncher\SiteLauncher.exe, Quarantined, [cee150f22b5f51e5df4448c3c63d38c8],
    PUP.Optional.SafeInstall.A, C:\Users\Marie\AppData\Local\temp\vXVL29Vi.exe.part, Quarantined, [1d92ef53d6b4e452c55d80f741c02fd1],
    PUP.Optional.Multiplug, C:\Users\Marie\AppData\Local\temp\__tmp_049d95a0, Delete-on-Reboot, [ab048ab8a7e3979f3d4a41eb669c04fc],
    PUP.Optional.Multiplug, C:\Users\Marie\AppData\Local\temp\__tmp_0f387289, Delete-on-Reboot, [c6e9073b4f3bf442e99e58d41ce618e8],
    PUP.Optional.Multiplug, C:\Users\Marie\AppData\Local\temp\__tmp_2438de68, Delete-on-Reboot, [129df1515733fb3b6d1a6cc0e91947b9],
    PUP.Optional.Multiplug, C:\Users\Marie\AppData\Local\temp\__tmp_2fd686b4, Delete-on-Reboot, [456ae85a6822fe38582f71bbdc26db25],
    PUP.Optional.ShoppingGate.A, C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [644b10324a40ff37d5607f5c986b53ad],
    PUP.Optional.ShoppingGate.A, C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [c8e70240afdb5dd9181d8b50c73ca759],
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NetoCoUpon\30TtggZq7DQrLp.dat, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NetoCoUpon\30TtggZq7DQrLp.tlb, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
    PUP.Optional.ExtremeBlocker.A, C:\ProgramData\Extreme Blocker\Extreme Blocker.exe, Quarantined, [6a45ff43ff8b0c2ade69c5cb27dc1fe1],
    PUP.Optional.GboxApp.A, C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://search.gboxapp.com/",), Replaced,[8827d76baedcb97d18b1ca508c7af50b]
    PUP.Optional.GboxApp.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://search.gboxapp.com/",), Replaced,[04ab87bb94f67db921a84bcf3acceb15]
    PUP.Optional.GboxApp.A, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zzgh3ra2.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.gboxapp.com/");), Replaced,[9c13053d98f2cc6a6164889236d08f71]
    PUP.Optional.GboxApp.A, C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.gboxapp.com/");), Replaced,[ddd2073b8cfe7cba6362170395719d63]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 5/7/2009 11:03:39 AM
    System Uptime: 3/7/2015 10:02:02 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0R849J
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 4.134 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 6.937 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001106-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001106-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Shrew Soft Virtual Adapter
    Device ID: ROOT\VNET\0000
    Manufacturer: Shrew Soft
    Name: Shrew Soft Virtual Adapter
    PNP Device ID: ROOT\VNET\0000
    Service: vnet
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    64 bit Windows Card Reader Driver
    Acrobat.com
    Action!
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Reader XI (11.0.06)
    Adobe Refresh Manager
    Adobe Shockwave Player 12.1
    AIM 7
    Amazon MP3 Downloader 1.0.18
    AOL Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    Avidemux 2.6
    BitRaider Web Client
    Bonjour
    CamStudio
    CamStudio 2.7.2
    Canon MP Navigator 2.2
    Canon MP530
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    D3DX10
    Data Lifeguard Diagnostic for Windows 1.27
    Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
    Dell Client Configuration Utility - Powered by Altiris
    Dell Dock
    Dell Edoc Viewer
    Dell Remote Access
    Dell System Detect
    Dropbox
    EA Download Manager
    ESET Online Scanner v3
    Express Zip
    Facebook Image Zoom and Downloader
    FinddBesstDeal
    Five Nights at Freddy's DEMO
    GIMP 2.6.7
    GIMPshop 2.2.8
    Gizmo Central
    Google Chrome
    Google Drive
    Google Earth
    Google SketchUp 8
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
    Hauppauge WinTV
    Hauppauge WinTV Soft PVR
    Helium
    Horizon v2.7.3.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Deskjet 1050 J410 series Basic Device Software
    HP Deskjet 1050 J410 series Help
    HP Deskjet 1050 J410 series Product Improvement Study
    HP Deskjet 3520 series Basic Device Software
    HP Deskjet 3520 series Help
    HP Deskjet 3520 series Product Improvement Study
    HP Deskjet 3520 series Setup Guide
    HP FWUpdateEDO2
    HP Photo Creations
    HP Update
    HTC Driver Installer
    Intel(R) Network Connections 13.1.33.0
    Intel® Matrix Storage Manager
    InterVideo FilterSDK for Hauppauge
    IPTInstaller
    IrfanView (remove only)
    iSEEK AnswerWorks English Runtime
    Java 7 Update 75
    Java 7 Update 75 (64-bit)
    JavaFX 2.0.3
    Junk Mail filter update
    KeePass Password Safe 1.21
    LG USB Modem driver
    Logitech Harmony Remote Software 7
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Luxor 2 (remove only)
    magicJack
    Malwarebytes Anti-Malware version 2.0.4.1028
    McAfee SecurityCenter
    McAfee SiteAdvisor
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft ASP.NET 2.0 AJAX Extensions 1.0
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2010
    Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    Microsoft redistributable runtime DLLs VS2008 SP1(x86)
    Microsoft redistributable runtime DLLs VS2010 SP1 (x86)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 35.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MPlayer (remove only)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    NetoCoUpon
    Notepad++
    Open Workbench
    OpenOffice.org 3.2
    oPryzeLP MC360 Mod Tool
    Paint.NET v3.5.10
    Presto! PageManager 7.15.14
    PriiceCChop
    Quicken 2009
    Quicken 2012
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Remote Control USB Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    ROBLOX Player for Marie
    RoboSavEEr
    RollerCoaster Tycoon 3 Platinum
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SAMSUNG USB Driver for Mobile Phones
    SAP GUI for Windows 7.30
    ScanSoft OmniPage SE 4.0
    Secunia PSI (3.0.0.9016)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
    Segoe UI
    Serif PagePlus SE 1.0
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    ShopaDrop
    Shrew Soft VPN Client
    Shutterfly Express Uploader
    SimCity 4 Deluxe
    Skins
    Skype™ 6.11
    Snagit 11
    SNC Client Encryption
    Spelling Dictionaries Support For Adobe Reader 9
    Star Wars The Old Republic
    Star Wars: The Old Republic
    swMSM
    TeamViewer 10
    The Sims Carnival SnapCity
    The Sims™ 2 Deluxe
    The Sims™ 3
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    VideoPad Video Editor
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2010 x64 Redistributables
    VLC media player
    WIDCOMM Bluetooth Software 6.0.1.4303
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR 4.20 (32-bit)
    WinZip 17.5
    WModem_Installer
    YTD YouTube Downloader & Converter 3.7
    .
    ==== End Of File ===========================
     
  2. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16609 BrowserJavaVersion: 10.75.2
    Run by Marie at 10:21:18 on 2015-03-07
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.2580 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files (x86)\Coupons\CouponPrinterService.exe
    C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Gizmo\gservice.exe
    c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    C:\Program Files\ShrewSoft\VPN Client\iked.exe
    C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\McAfee\MSC\McAPExe.exe
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Program Files (x86)\TeamViewer\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\tv_x64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\wpcumi.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    mStart Page = www.google.com
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} -
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [cdloader] "C:\Users\Marie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [AmazonMP3DownloaderHelper] C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    uRun: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    dRunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    dRunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    dRunOnce: [{90140000-0016-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    dRunOnce: [{90140000-001B-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    dRunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    dRunOnce: [{90140000-00A1-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:1
    mPolicies-System: EnableSecureUIAPath = dword:1
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
    DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0EB5217B-D408-480B-B834-370FD866A684} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68} : NameServer = 170.65.228.4,170.65.232.77
    Filter: application/octet-stream - <Clsid value has no data>
    Filter: application/x-complus - <Clsid value has no data>
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Filter: application/x-msdownload - <Clsid value has no data>
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
    Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = www.google.com
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
    x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
    x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
    x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-Explorer: NoDrives = dword:0
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-mPolicies-System: HideFastUserSwitching = dword:1
    x64-mPolicies-System: EnableSecureUIAPath = dword:1
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Filter: application/octet-stream - <Clsid value has no data>
    x64-Filter: application/x-complus - <Clsid value has no data>
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Filter: application/x-msdownload - <Clsid value has no data>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
    x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.look-for-it.info/?pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
    FF - plugin: C:\Users\Marie\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\NPRobloxProxy.dll
    FF - plugin: C:\Users\Marie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-9-24 786296]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-9-24 348552]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-7 53488]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
    R1 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2010-2-14 32840]
    R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2013-4-15 24064]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-5-7 88576]
    R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
    R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 176624]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
    R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-1-5 173296]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2010-2-14 31856]
    R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
    R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
    R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2013-10-20 155368]
    R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-10-20 178528]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
    R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
    R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-10-20 1041192]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-10-20 219752]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-10-20 189912]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
    R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-1-19 5436176]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-9-24 72128]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-5-7 316544]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-9-24 313544]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-9-24 523792]
    R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-8-20 445512]
    R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 fd8830a9;sayescoupon;C:\Windows\System32\rundll32.exe [2006-11-2 46592]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S2 TracSrvWrapper;Check Point Endpoint Connect;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe --> C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [?]
    S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-12-7 477960]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2015-1-8 95544]
    S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-4 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-22 197704]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-6-10 31744]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\System32\drivers\htcusbnet.sys [2011-6-5 153600]
    S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-8-20 96592]
    S3 ncplelhp;NCP Secure Client NDIS6 Driver;C:\Windows\System32\drivers\ncplelhp.sys [2009-5-17 146312]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2015-1-8 203320]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;C:\Windows\System32\drivers\tinspusb.sys [2010-3-29 142848]
    S3 VNA;Check Point Virtual Network Adapter;C:\Windows\System32\drivers\vna.sys [2009-4-2 161256]
    S3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\System32\drivers\vnaap.sys [2009-4-2 161256]
    S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2013-4-15 17408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-16 90776]
    S4 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-5-7 31232]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2015-03-07 17:10:44 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-03-06 00:09:32 20 ----a-w- C:\Users\Marie\AppData\Roaming\appdataFr3.bin
    2015-02-13 10:32:34 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2015-02-13 10:32:25 320424 ----a-w- C:\Windows\System32\javaws.exe
    2015-02-13 10:32:25 189352 ----a-w- C:\Windows\System32\javaw.exe
    2015-02-13 10:32:25 189352 ----a-w- C:\Windows\System32\java.exe
    2015-02-13 10:29:35 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-13 10:28:57 272808 ----a-w- C:\Windows\SysWow64\javaws.exe
    2015-02-13 10:28:57 175528 ----a-w- C:\Windows\SysWow64\javaw.exe
    2015-02-13 10:28:57 175528 ----a-w- C:\Windows\SysWow64\java.exe
    2015-02-12 10:02:58 116773704 ----a-w- C:\Windows\System32\mrt.exe
    2015-02-05 13:58:13 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 13:58:13 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-01-23 04:07:11 2339840 ----a-w- C:\Windows\System32\jscript9.dll
    2015-01-23 03:59:28 816640 ----a-w- C:\Windows\System32\jscript.dll
    2015-01-23 03:00:27 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2015-01-23 02:51:23 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2015-01-15 06:53:34 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2015-01-15 04:08:29 516536 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2015-01-14 03:08:42 17878016 ----a-w- C:\Windows\System32\mshtml.dll
    2015-01-14 02:59:33 10924032 ----a-w- C:\Windows\System32\ieframe.dll
    2015-01-14 02:59:04 448512 ----a-w- C:\Windows\System32\html.iec
    2015-01-14 02:49:37 1388032 ----a-w- C:\Windows\System32\urlmon.dll
    2015-01-14 02:49:35 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2015-01-14 02:47:51 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
    2015-01-14 02:47:45 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2015-01-14 02:47:14 237056 ----a-w- C:\Windows\System32\url.dll
    2015-01-14 02:47:08 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2015-01-14 02:46:46 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2015-01-14 02:46:01 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2015-01-14 02:45:59 2157056 ----a-w- C:\Windows\System32\iertutil.dll
    2015-01-14 02:45:06 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
    2015-01-14 02:45:00 282112 ----a-w- C:\Windows\System32\dxtrans.dll
    2015-01-14 02:44:55 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
    2015-01-14 02:44:54 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2015-01-14 02:44:49 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
    2015-01-14 02:44:48 248320 ----a-w- C:\Windows\System32\ieui.dll
    2015-01-14 02:44:46 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2015-01-14 02:44:42 12800 ----a-w- C:\Windows\System32\mshta.exe
    2015-01-14 01:51:42 12371456 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2015-01-14 01:49:16 367104 ----a-w- C:\Windows\SysWow64\html.iec
    2015-01-14 01:46:05 9742336 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2015-01-14 01:43:54 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2015-01-14 01:42:51 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2015-01-14 01:42:31 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2015-01-14 01:41:35 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2015-01-14 01:41:34 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2015-01-14 01:41:28 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2015-01-14 01:41:26 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2015-01-14 01:41:09 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2015-01-14 01:41:01 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2015-01-14 01:40:54 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
    2015-01-14 01:40:48 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
    2015-01-14 01:40:45 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
    2015-01-14 01:40:39 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2015-01-14 01:40:38 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
    2015-01-14 01:40:35 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
    2015-01-14 01:40:33 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2015-01-14 01:40:32 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2015-01-13 01:51:40 1209856 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2015-01-13 01:39:22 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2015-01-09 00:34:00 2790912 ----a-w- C:\Windows\System32\win32k.sys
    2014-12-19 00:26:53 139776 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
    2014-12-08 01:59:34 306176 ----a-w- C:\Windows\SysWow64\scesrv.dll
    2014-12-08 01:37:22 399360 ----a-w- C:\Windows\System32\scesrv.dll
    .
    ============= FINISH: 10:22:07.17 ===============
     
  3. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • On the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  4. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    RogueKiller V10.5.1.0 [Mar 5 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Marie [Administrator]
    Started from : C:\Users\Marie\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 03/07/2015 11:18:23
    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] AmazonMP3DownloaderHelper.exe(4184) -- C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[-] -> Killed [TermProc]
    ¤¤¤ Registry : 47 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Users\Marie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [-][x] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Run | AmazonMP3DownloaderHelper : C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [-] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Users\Marie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Run | AmazonMP3DownloaderHelper : C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-003D-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0016-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-001B-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-006E-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-00A1-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-003D-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0016-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-001B-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-006E-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-00A1-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-003D-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0016-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-001B-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-006E-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-00A1-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-003D-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0016-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-001B-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-006E-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-00A1-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
    [Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
    [Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68} | NameServer : 170.65.228.4,170.65.232.77 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68} | NameServer : 170.65.228.4,170.65.232.77 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68} | NameServer : 170.65.228.4,170.65.232.77 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 2efaacf05f213086b68ddf504388c021
    [BSP] 581a5605d6dfbfe256b7edfb06b85cd6 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 145408 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31602688 | Size: 461505 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([57] The parameter is incorrect. )
    +++++ PhysicalDrive1: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive2: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive3: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive4: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_SCN_03072015_110936.log
     
  5. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    MBAR No Malware Found!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  7. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    After clicking on one of the links to download ComboFix, browser was not responding. I closed browser by doing an "End Task" from task manager. Restarted in a different browser, same results. Nothing is responding now, including Windows. Is it okay if I do a reboot at this point?
     
  8. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    FYI, posting from a different computer ATM
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  10. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    Multiple attempts from the new site and from the other sites are not allowing me to download. It acts like it is downloading but then says "ComboFix.ext might have been moved or deleted."
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Disable your AV program and try again.
     
  12. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    ComboFix 15-03-01.01 - Marie 03/07/2015 16:33:58.1.8 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.3493 [GMT -7:00]
    Running from: c:\users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONNYWR98\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\FinddBesstDeal
    c:\program files (x86)\FinddBesstDeal\mwSGoy9zcHZQwU.dat
    c:\program files (x86)\FinddBesstDeal\mwSGoy9zcHZQwU.tlb
    c:\program files (x86)\PriiceCChop
    c:\program files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.dat
    c:\program files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.tlb
    c:\program files (x86)\RoboSavEEr
    c:\program files (x86)\RoboSavEEr\dTE45Fdi1aTDBY.dat
    c:\program files (x86)\RoboSavEEr\dTE45Fdi1aTDBY.tlb
    c:\program files (x86)\ShopaDrop
    c:\program files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.dat
    c:\program files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.exe
    c:\program files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.tlb
    c:\program files (x86)\SihopDrOp
    c:\program files (x86)\SihopDrOp\YOlAZ9Tr6q8Qb2.dat
    c:\program files (x86)\SihopDrOp\YOlAZ9Tr6q8Qb2.tlb
    c:\programdata\1901603862025610039
    c:\programdata\1901603862025610039\07870b539a388c2b96dc38569efab410.ini
    c:\programdata\1901603862025610039\2544e9905b19ed4896dc38569efab410.ini
    c:\programdata\1901603862025610039\2a0b23fa8d6e74d496dc38569efab410.ini
    c:\programdata\1901603862025610039\465f8e59c1c2d77496dc38569efab410.ini
    c:\programdata\1901603862025610039\48b7d16c1455ab2596dc38569efab410.ini
    c:\programdata\1901603862025610039\4ab07dd0adbafc3696dc38569efab410.ini
    c:\programdata\1901603862025610039\60b6132765a7b0ab96dc38569efab410.ini
    c:\programdata\1901603862025610039\62dd3921369ec2f696dc38569efab410.ini
    c:\programdata\1901603862025610039\8c84dcdc46445dd696dc38569efab410.ini
    c:\programdata\1901603862025610039\c639ec01ae8d99a996dc38569efab410.ini
    c:\programdata\1901603862025610039\cd5b15e575e1c3d096dc38569efab410.ini
    c:\programdata\1901603862025610039\f392fc60cfeefae496dc38569efab410.ini
    c:\programdata\1901603862025610039\f6f6eb7fa6ec985796dc38569efab410.ini
    c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj
    c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\background.html
    c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\content.js
    c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\lsdb.js
    c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\manifest.json
    c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\woisrEIxbT.js
    c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\preferences
    c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj
    c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\background.html
    c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\content.js
    c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\lsdb.js
    c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\manifest.json
    c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\woisrEIxbT.js
    c:\users\John\AppData\Local\Google\Chrome\User Data\Default\preferences
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\background.html
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\content.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\lsdb.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\manifest.json
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\TV.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\background.html
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\content.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\lOxZG1BDI.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\lsdb.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\manifest.json
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\background.html
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\content.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\lsdb.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\manifest.json
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\woisrEIxbT.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\aFwY.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\background.html
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\content.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\lsdb.js
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\manifest.json
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecmipeblhclmbklgalmpgilfonejhlgb
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\000003.log
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\CURRENT
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOCK
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOG
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\MANIFEST-000002
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmebmmnpohfhoknnlpohjaembcipocaa
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpimjanmknifnoiajikmhmhmlihdccbd_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpimjanmknifnoiajikmhmhmlihdccbd_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_calhgleedaaigmhnoklfenlfhlbfdloo_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_calhgleedaaigmhnoklfenlfhlbfdloo_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddkmnnjagobggenpodlgemgpgdhoapnp_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddkmnnjagobggenpodlgemgpgdhoapnp_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecmipeblhclmbklgalmpgilfonejhlgb_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecmipeblhclmbklgalmpgilfonejhlgb_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_edefbbbcggajdncnoingicdckbhngpcj_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_edefbbbcggajdncnoingicdckbhngpcj_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hokidjkfnkghmbhmdjgeooaahehhiomh_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hokidjkfnkghmbhmdjgeooaahehhiomh_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmebmmnpohfhoknnlpohjaembcipocaa_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmebmmnpohfhoknnlpohjaembcipocaa_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plmlpbcjkpppncefeoongifnpinjmegf_0.localstorage-journal
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plmlpbcjkpppncefeoongifnpinjmegf_0.localstorage
    c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org\bootstrap.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org\chrome.manifest
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org\content\bg.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org\install.rdf
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net\bootstrap.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net\chrome.manifest
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net\content\bg.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net\install.rdf
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com\bootstrap.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com\chrome.manifest
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com\content\bg.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com\install.rdf
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net\bootstrap.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net\chrome.manifest
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net\content\bg.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net\install.rdf
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org\bootstrap.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org\chrome.manifest
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org\content\bg.js
    c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org\install.rdf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-08 to 2015-03-08 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\Marie\AppData\Local\temp
    2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\hedev\AppData\Local\temp
    2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
    2015-03-07 17:58 . 2015-03-07 17:59 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-03-07 17:58 . 2015-03-07 17:59 -------- d-----w- c:\programdata\RogueKiller
    2015-02-26 08:18 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\SaVeNewwaApppz
    2015-02-26 08:18 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\Jobisjob Alerts
    2015-02-20 10:17 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\DigiSaaver
    2015-02-20 10:17 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\SiteLauncher
    2015-02-20 09:58 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\Omnifinder
    2015-02-20 09:57 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\JoniCoupOin
    2015-02-20 09:57 . 2015-02-20 09:57 -------- d-----w- c:\programdata\hfkenbbeejopejgcaleojmmccjfammga
    2015-02-20 01:37 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\EnnjeoyCOupoenn
    2015-02-18 17:47 . 2015-03-06 00:09 20 ----a-w- c:\users\Marie\AppData\Roaming\appdataFr3.bin
    2015-02-13 10:33 . 2015-02-13 10:32 320424 ----a-w- c:\windows\system32\javaws.exe
    2015-02-13 10:33 . 2015-02-13 10:32 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2015-02-13 10:33 . 2015-02-13 10:32 189352 ----a-w- c:\windows\system32\javaw.exe
    2015-02-13 10:33 . 2015-02-13 10:32 189352 ----a-w- c:\windows\system32\java.exe
    2015-02-13 10:32 . 2015-02-13 10:32 -------- d-----w- c:\program files\Java
    2015-02-13 10:30 . 2015-02-13 10:29 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-13 10:28 . 2015-02-13 10:28 -------- d-----w- c:\program files (x86)\Java
    2015-02-12 23:40 . 2015-03-07 17:02 -------- d-----w- c:\program files (x86)\sayescoupon
    2015-02-12 23:40 . 2015-02-12 23:40 -------- d-----w- c:\program files (x86)\Facebook Image Zoom and Downloader
    2015-02-12 23:39 . 2015-02-12 23:39 -------- d-----w- c:\program files (x86)\PriceChoop
    2015-02-12 23:38 . 2015-02-12 23:38 -------- d-----w- c:\programdata\ihcpkcjfihddglhjfoelilgaahgpecfd
    2015-02-12 23:38 . 2015-02-19 03:04 -------- d-----w- c:\programdata\{c4b73411-ea95-7132-c4b7-73411ea9d047}
    2015-02-12 21:45 . 2015-02-13 00:19 -------- d-----w- c:\users\Marie\AppData\Roaming\.evanMCLauncher
    2015-02-12 11:07 . 2015-01-23 04:07 2339840 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-12 11:07 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\SysWow64\jscript9.dll
    2015-02-12 11:07 . 2015-01-23 03:59 816640 ----a-w- c:\windows\system32\jscript.dll
    2015-02-12 10:29 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
    2015-02-12 10:29 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
    2015-02-12 10:29 . 2015-01-09 00:34 2790912 ----a-w- c:\windows\system32\win32k.sys
    2015-02-12 10:29 . 2014-11-26 01:42 847360 ----a-w- c:\windows\system32\oleaut32.dll
    2015-02-12 10:29 . 2014-11-26 02:05 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2015-02-12 10:18 . 2015-01-13 01:51 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-12 10:18 . 2015-01-13 01:39 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2015-02-12 10:13 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
    2015-02-12 10:13 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-02-11 11:16 . 2015-01-14 02:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-07 18:42 . 2014-05-15 02:33 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-03-07 18:42 . 2014-05-15 02:32 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-12 10:02 . 2006-11-02 12:35 116773704 ----a-w- c:\windows\system32\mrt.exe
    2015-02-05 13:58 . 2012-04-11 14:02 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-05 13:58 . 2011-06-08 16:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-19 00:26 . 2015-01-14 10:10 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "GizmoDriveDelegate"="c:\progra~2\GIZMO\GDRIVE.DLL" [2010-02-15 390752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-20 295072]
    "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-26 537992]
    .
    c:\users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    c:\users\Lancee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
    .
    c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
    .
    c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    Dropbox.lnk - c:\users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-10 42555824]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-15 981544]
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 1 (0x1)
    "EnableSecureUIAPath"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-20 04:21 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 13:58]
    .
    2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 16:04]
    .
    2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 16:04]
    .
    2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 16:04]
    .
    2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 16:04]
    .
    2015-03-08 c:\windows\Tasks\User_Feed_Synchronization-{3D20B27D-5952-4385-9DD3-9C5235C92FFE}.job
    - c:\windows\system32\msfeedssync.exe [2015-02-11 01:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-24 6975520]
    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68}: NameServer = 170.65.228.4,170.65.232.77
    FF - ProfilePath - c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.look-for-it.info/?pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
    AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
    AddRemove-Mirillis Action! - c:\users\Marie\Desktop\Minecraft\Action!\uninstall.exe
    AddRemove-{317D8BB4-16C3-CFBD-3777-AED69667DA46} - c:\program files (x86)\NetoCoUpon\30TtggZq7DQrLp.exe
    AddRemove-{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} - c:\program files (x86)\Facebook Image Zoom and Downloader\Facebook Image Zoom and Downloader.exe
    AddRemove-{B5DB572D-EA87-D3B0-08F6-4D153EA6A783} - c:\program files (x86)\FinddBesstDeal\mwSGoy9zcHZQwU.exe
    AddRemove-{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6} - c:\program files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.exe
    AddRemove-{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8} - c:\program files (x86)\RoboSavEEr\dTE45Fdi1aTDBY.exe
    AddRemove-{D8A9D3D9-F414-952D-AC93-E5F96D47B5BD} - c:\program files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a0,1a,ff,a4,55,1d,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @DACL=(02 0011)
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    @DACL=(02 0011)
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @DACL=(02 0011)
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @DACL=(02 0011)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2015-03-07 17:06:11
    ComboFix-quarantined-files.txt 2015-03-08 00:06
    .
    Pre-Run: 6,529,343,488 bytes free
    Post-Run: 7,999,696,896 bytes free
    .
    - - End Of File - - 0F966B898B3B0216D487061C8C09F43A
    5C616939100B85E558DA92B899A0FC36
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  14. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    # AdwCleaner v3.211 - Report created 25/05/2014 at 19:38:10
    # Updated 26/05/2014 by Xplode
    # Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # Username : Marie - ADMIN-PC
    # Running from : C:\Users\Marie\Desktop\adwcleaner_3.211.exe
    # Option : Clean
    ***** [ Services ] *****
    [#] Service Deleted : vToolbarUpdater15.2.0
    ***** [ Files / Folders ] *****
    [!] Folder Deleted : C:\ProgramData\apn
    [!] Folder Deleted : C:\ProgramData\eSafe
    [!] Folder Deleted : C:\Program Files (x86)\BrowseFox
    [!] Folder Deleted : C:\Program Files (x86)\File Type Helper
    [!] Folder Deleted : C:\Program Files (x86)\lucky leap
    [!] Folder Deleted : C:\Program Files (x86)\PC TEKNIX
    [!] Folder Deleted : C:\Program Files (x86)\SearchProtect
    [!] Folder Deleted : C:\Windows\SysWOW64\WNLT
    [!] Folder Deleted : C:\Program Files\Uninstaller
    [!] Folder Deleted : C:\Users\Admin`\AppData\LocalLow\Fast Free Converter
    [!] Folder Deleted : C:\Users\Gilbert\AppData\LocalLow\Fast Free Converter
    [!] Folder Deleted : C:\Users\John\AppData\Local\SearchProtect
    [!] Folder Deleted : C:\Users\John\AppData\LocalLow\Fast Free Converter
    [!] Folder Deleted : C:\Users\John\AppData\LocalLow\Search Settings
    [!] Folder Deleted : C:\Users\Lancee\AppData\LocalLow\Fast Free Converter
    [!] Folder Deleted : C:\Users\Lancee\AppData\LocalLow\Search Settings
    [!] Folder Deleted : C:\Users\Marie\AppData\Local\Oxy
    [!] Folder Deleted : C:\Users\Marie\AppData\Local\SearchProtect
    [!] Folder Deleted : C:\Users\Marie\AppData\Local\WordLayers
    [!] Folder Deleted : C:\Users\Marie\AppData\LocalLow\AVG SafeGuard toolbar
    [!] Folder Deleted : C:\Users\Marie\AppData\LocalLow\Mysearchdial
    [!] Folder Deleted : C:\Users\Marie\AppData\LocalLow\SweetPacks_A8
    [!] Folder Deleted : C:\Users\Marie\AppData\Roaming\Oxy
    [!] Folder Deleted : C:\Users\Mcx1\AppData\LocalLow\Fast Free Converter
    [!] Folder Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
    File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zzgh3ra2.default\user.js
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
    File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0051-B4B6-006094B9D64F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0054-B4B6-006094B9D64F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0057-B4B6-006094B9D64F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B90F32AD-859E-4EDD-BFAE-C9216849520C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C08AB035-3820-4FA7-9420-B0259A4DA2B8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DAADF07B-7D06-4AF4-B3CA-6144830077EC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\WEDLMNGR
    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\hdcode
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKLM\Software\mysearchdial
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DMUninstaller
    Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
    ***** [ Browsers ] *****
    -\\ Internet Explorer v9.0.8112.16545

    -\\ Mozilla Firefox v29.0.1 (en-US)
    [ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zzgh3ra2.default\prefs.js ]
    Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
    Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
    [ File : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\prefs.js ]

    -\\ Google Chrome v35.0.1916.114
    [ File : C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtByE0EzztDtA0AtDyByByDyEtAtAtN0D0Tzu0CyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=517001664&ir=
    Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
    [ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtByE0EzztDtA0AtDyByByDyEtAtAtN0D0Tzu0CyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=517001664&ir=
    Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
    Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
    [ File : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322521&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SPA9132157-AF9C-4335-B96B-26587B82A809&q={searchTerms}&SSPV=
    Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
    Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Deleted [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
    Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
    Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
    Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog
    *************************
    AdwCleaner[R0].txt - [8899 octets] - [25/05/2014 19:37:12]
    AdwCleaner[S0].txt - [8478 octets] - [25/05/2014 19:38:10]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8538 octets] ##########
    # AdwCleaner v4.111 - Logfile created 07/03/2015 at 18:04:22
    # Updated 18/02/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
    # Username : Marie - ADMIN-PC
    # Running from : C:\Users\Marie\Desktop\adwcleaner_4.111.exe
    # Option : Cleaning
    ***** [ Services ] *****
    Service Deleted : CouponPrinterService
    ***** [ Files / Folders ] *****
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [!] Folder Deleted : C:\Program Files (x86)\Coupons
    [!] Folder Deleted : C:\Program Files (x86)\Coupons
    [!] Folder Deleted : C:\Program Files (x86)\DigiSaaver
    [!] Folder Deleted : C:\Program Files (x86)\EnnjeoyCOupoenn
    [!] Folder Deleted : C:\Program Files (x86)\JoniCoupOin
    [!] Folder Deleted : C:\Program Files (x86)\PriceChoop
    [!] Folder Deleted : C:\Program Files (x86)\SaVeNewwaApppz
    [!] Folder Deleted : C:\Program Files (x86)\sayescoupon
    [!] Folder Deleted : C:\Users\Marie\AppData\Roaming\RHEng
    [!] Folder Deleted : C:\ProgramData\hfkenbbeejopejgcaleojmmccjfammga
    [!] Folder Deleted : C:\ProgramData\ihcpkcjfihddglhjfoelilgaahgpecfd
    [!] Folder Deleted : C:\ProgramData\hfkenbbeejopejgcaleojmmccjfammga
    [!] Folder Deleted : C:\ProgramData\ihcpkcjfihddglhjfoelilgaahgpecfd
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.babylon.com_0.localstorage-journal
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\P1dcfd84c_0196_4c0a_b4f9_fc54b8948868_.P1dcfd84c_0196_4c0a_b4f9_fc54b8948868_
    Key Deleted : HKLM\SOFTWARE\Classes\P1dcfd84c_0196_4c0a_b4f9_fc54b8948868_.P1dcfd84c_0196_4c0a_b4f9_fc54b8948868_.9
    Key Deleted : HKLM\SOFTWARE\Classes\P4695f5da_b2a8_4937_af7a_e4430ce1e8e8_.P4695f5da_b2a8_4937_af7a_e4430ce1e8e8_
    Key Deleted : HKLM\SOFTWARE\Classes\P4695f5da_b2a8_4937_af7a_e4430ce1e8e8_.P4695f5da_b2a8_4937_af7a_e4430ce1e8e8_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pc4b7da38_93c9_4654_ae3f_84f74c1819d5_.Pc4b7da38_93c9_4654_ae3f_84f74c1819d5_
    Key Deleted : HKLM\SOFTWARE\Classes\Pc4b7da38_93c9_4654_ae3f_84f74c1819d5_.Pc4b7da38_93c9_4654_ae3f_84f74c1819d5_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pfaa52574_26de_44e0_a0b1_3f1f1bf9613c_.Pfaa52574_26de_44e0_a0b1_3f1f1bf9613c_
    Key Deleted : HKLM\SOFTWARE\Classes\Pfaa52574_26de_44e0_a0b1_3f1f1bf9613c_.Pfaa52574_26de_44e0_a0b1_3f1f1bf9613c_.9
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1dcfd84c-0196-4c0a-b4f9-fc54b8948868}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4695f5da-b2a8-4937-af7a-e4430ce1e8e8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c4b7da38-93c9-4654-ae3f-84f74c1819d5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{faa52574-26de-44e0-a0b1-3f1f1bf9613c}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1dcfd84c-0196-4c0a-b4f9-fc54b8948868}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4695f5da-b2a8-4937-af7a-e4430ce1e8e8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c4b7da38-93c9-4654-ae3f-84f74c1819d5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{faa52574-26de-44e0-a0b1-3f1f1bf9613c}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1dcfd84c-0196-4c0a-b4f9-fc54b8948868}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4695f5da-b2a8-4937-af7a-e4430ce1e8e8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c4b7da38-93c9-4654-ae3f-84f74c1819d5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{faa52574-26de-44e0-a0b1-3f1f1bf9613c}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1dcfd84c-0196-4c0a-b4f9-fc54b8948868}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4695f5da-b2a8-4937-af7a-e4430ce1e8e8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c4b7da38-93c9-4654-ae3f-84f74c1819d5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{faa52574-26de-44e0-a0b1-3f1f1bf9613c}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.7
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{317D8BB4-16C3-CFBD-3777-AED69667DA46}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D8A9D3D9-F414-952D-AC93-E5F96D47B5BD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Start Savin
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.7
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
    ***** [ Web browsers ] *****
    -\\ Internet Explorer v9.0.8112.16609

    -\\ Mozilla Firefox v35.0.1 (x86 en-US)
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82&l=1&q=");
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "WebSearch");
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("extensions.x1xZBGJcsv87G6Cp.url", "hxxp://getjpit.info/sync2/?q=hfZ9oeZNATCMCyVUojw8rHUMg708BNmGWj8lkGhGheDUojw8rdsGrdaFrTaGqchIC7n0rjkErTsErdwHpdsHtNhVCT94tMVKhd9Gqdw8rTY8qTU6qHw9qTs7rHa8t[...]
    [a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("extensions.yJWECB9gPE4XqgzJ.url", "hxxp://jobfirstnet.info/sync2/?q=hfZ9ofbEBM0ZtNbPhd9Fqjr4tMqLDe49CNU0llrMCMlNhd9FqjaGrjsGrHr4rHgMBzqUojw8rdsFrTsHqdCGrch7hfs0pihPBMn0rTnFqjs5qjg4qHCFqdgGq[...]
    -\\ Google Chrome v40.0.2214.115
    [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search;_ylt=AwrTca0YrtxSGX8AirsPxQt.;_ylc=X1MDMjExNDcwMDU1OQRfcgMyBGJjawNhNHByYjJwOHVnYWlwJTI2YiUzRDQlMjZkJTNEcUVMbE1oaHBZRUtXRXVzNTU5NjNoQlBKVXBUYV9CSl95MVR0ZGctLSUyNnMlM0Q4biUyNmklM0R2X3I1MU5rMVc0b3pibFlfc0tPdwRmcgN5aHMtaXJvbnNvdXJjZS1mdWxseWhvc3RlZF8wMDMEbXRlc3RpZANudWxsBG5fcnNsdAMxMARuX3N1Z2cDMgRvcmlnaW4DdXMueWhzNC5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzM2BHF1ZXJ5A3doYXQgbGFuZ3VhZ2UgaXMgc3Bva2VuIGluIGhvbmcga29uZwR0X3N0bXADMTM5MDE5NDIxNDY4NAR2dGVzdGlkA251bGw-?gprid=2R0kAWPkSGSbp8Sj8.zLQA&pvid=aZkBrjIwNi6iZ2sWUegqWQ7iNzAuMVLcrhj_u.XI&p={searchTerms}&fr2=sb-top&hspart=ironsource&hsimp=yhs-fullyhosted_003&type=irmsd1103
    [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82
    -\\ Chromium v
    [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search;_ylt=AwrTca0YrtxSGX8AirsPxQt.;_ylc=X1MDMjExNDcwMDU1OQRfcgMyBGJjawNhNHByYjJwOHVnYWlwJTI2YiUzRDQlMjZkJTNEcUVMbE1oaHBZRUtXRXVzNTU5NjNoQlBKVXBUYV9CSl95MVR0ZGctLSUyNnMlM0Q4biUyNmklM0R2X3I1MU5rMVc0b3pibFlfc0tPdwRmcgN5aHMtaXJvbnNvdXJjZS1mdWxseWhvc3RlZF8wMDMEbXRlc3RpZANudWxsBG5fcnNsdAMxMARuX3N1Z2cDMgRvcmlnaW4DdXMueWhzNC5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzM2BHF1ZXJ5A3doYXQgbGFuZ3VhZ2UgaXMgc3Bva2VuIGluIGhvbmcga29uZwR0X3N0bXADMTM5MDE5NDIxNDY4NAR2dGVzdGlkA251bGw-?gprid=2R0kAWPkSGSbp8Sj8.zLQA&pvid=aZkBrjIwNi6iZ2sWUegqWQ7iNzAuMVLcrhj_u.XI&p={searchTerms}&fr2=sb-top&hspart=ironsource&hsimp=yhs-fullyhosted_003&type=irmsd1103
    [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82
    *************************
    AdwCleaner[R0].txt - [21386 bytes] - [25/05/2014 19:37:12]
    AdwCleaner[S0].txt - [22221 bytes] - [25/05/2014 19:38:10]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22281 bytes] ##########
     
  15. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.3 (03.01.2015:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by Marie on Sat 03/07/2015 at 18:53:46.97
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211671166}
    ~~~ Files
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
    ~~~ Folders
    Successfully deleted: [Folder] "C:\Users\Marie\AppData\Roaming\getrighttogo"
    Successfully deleted: [Folder] "C:\Users\Marie\appdata\local\cre"
    Successfully deleted: [Empty Folder] C:\Users\Marie\appdata\local\{798F39E1-FA29-41E4-A7B0-3CDADE92E0D9}
    Successfully deleted: [Empty Folder] C:\Users\Marie\appdata\local\{9BA9D08B-EFCB-4B10-A3EA-601803B06D8E}
    Successfully deleted: [Empty Folder] C:\Users\Marie\appdata\local\{AC3FE87A-DBAB-4292-945F-72B6551A9817}
    ~~~ FireFox
    Successfully deleted the following from C:\Users\Marie\AppData\Roaming\mozilla\firefox\profiles\a00sgbe4.default-1396488589006\prefs.js
    user_pref("extensions.1wepBhT1IRPbiwDj.scode", "(function(){try{if(window.self.location.href.indexOf(\"rja5qHa7rTk8qdkGqjwFrdC5qjg\")>-1){return;}}catch(e){}try{var d=[[\"aceb
    user_pref("extensions.1wepBhT1IRPbiwDj.url", "hxxp://styleuniit.com/sync2/?q=hfZ9ofV9CShEAen0rjkHpihTB6lKDzt4olljtNtVh7n0rjkErTwGrTr9rdrEtMFHhd9FqjaGrjsGrHn6rTaMDMlGojUMAe4Uoj
    user_pref("extensions.IeCOtYqvqczmEKaF.scode", "(function(){try{if(window.self.location.href.indexOf(\"rja5qHa7rTk8qdkGqjwFrdC5qjg\")>-1){return;}}catch(e){}try{var d=[[\"aceb
    user_pref("extensions.VJLYs3EJBSMhreWM.scode", "(function(){try{if(window.self.location.href.indexOf(\"rja5qHa7rTk8qdkGqjwFrdC5qjg\")>-1){return;}}catch(e){}try{var d=[[\"aceb
    user_pref("extensions.x1xZBGJcsv87G6Cp.scode", "(function(){try{if(window.self.location.href.indexOf(\"rja5qHa7rTk8qdkGqjwFrdC5qjg\")>-1){return;}}catch(e){}try{var d=[[\"aceb
    user_pref("extensions.yJWECB9gPE4XqgzJ.scode", "(function(){try{if(window.self.location.href.indexOf(\"rja5qHa7rTk8qdkGqjwFrdC5qjg\")>-1){return;}}catch(e){}try{var d=[[\"aceb
    Emptied folder: C:\Users\Marie\AppData\Roaming\mozilla\firefox\profiles\a00sgbe4.default-1396488589006\minidumps [13 files]
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 03/07/2015 at 19:05:53.29
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
    Ran by Marie (administrator) on ADMIN-PC on 07-03-2015 19:26:00
    Running from C:\Users\Marie\Desktop
    Loaded Profiles: RA Media Server & Marie (Available profiles: RA Media Server & Marie & Gilbert & John & Lancee & Mcx1)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    (Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    () C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    (SingleClick Systems) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    (Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
    () C:\Program Files\ShrewSoft\VPN Client\iked.exe
    () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
    (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Microsoft Corporation) C:\Windows\System32\wpcumi.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
    () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Dropbox, Inc.) C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-24] (Realtek Semiconductor)
    HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
    HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-20] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [3634024 2009-10-01] (AOL LLC)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [GizmoDriveDelegate] => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {01191ed9-0ab2-11e1-9ec3-001e4ce6a070} - M:\TL-Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {1efcc887-cadc-11e0-ae91-001e4ce6a070} - L:\TL_Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {672e82eb-8e03-11e0-9279-f2ded128ae64} - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {77bf3be5-4b57-11e2-a3fa-001e4ce6a070} - L:\MotoCastSetup.exe -a
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {8c727fea-674b-11e0-9b57-001e4ce6a070} - K:\TL_Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {c16adad5-3b30-11de-af16-806e6f6e6963} - E:\RunGame.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {c16adad6-3b30-11de-af16-806e6f6e6963} - F:\Autorun.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {d776dd1a-b0ef-11e1-8676-001e4ce6a070} - G:\TL_Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [GizmoDriveDelegate] => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\Users\Admin`\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Lancee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1004\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1003\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {1B977252-65EC-DFCB-E752-794A37822658} URL = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {B06422FF-7A69-44E1-BFE5-E991BFEC709C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL =
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {f629d4d6-d9d2-4d72-b61c-34223be78085} URL = http://slirsredirect.search.aol.com...}&invocationType=tb50-ie-aim-chromesbox-en-us
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> DefaultScope {C2386BB2-AE84-4C26-8C1D-6DF90F2198A9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US636D20131020&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> {C2386BB2-AE84-4C26-8C1D-6DF90F2198A9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US636D20131020&p={searchTerms}
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
    Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
    Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
    DPF: HKLM-x32 {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-04-15] (SAP, Walldorf)
    Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-04-15] (SAP, Walldorf)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
    Filter: application/octet-stream - No CLSID Value
    Filter: application/x-complus - No CLSID Value
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
    Filter: application/x-msdownload - No CLSID Value
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68}: [NameServer] 170.65.228.4,170.65.232.77
    FireFox:
    ========
    FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
    FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-12-20] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-12-20] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @nsroblox.roblox.com/launcher -> C:\Users\Marie\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll [2012-12-18] ( Roblox Corporation)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-06-13] (Google)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/O1DPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-06-13] (Google)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/O3DPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-13] ()
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-12-20] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-12-20] (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-06-13] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-13] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-06-13] (Google)
    FF Extension: WOT - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-29]
    FF Extension: Pin It button - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\Extensions\pinterest@robertnyman.com.xpi [2014-06-20]
    FF Extension: Word Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\ugnraew@jqhljqmpngx.net [2015-01-28]
    FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-28]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-16]
    FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-20]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-20]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-20]
    FF HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Firefox\Extensions: [{02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}] - C:\Users\Marie\AppData\Local\{02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}
    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-07]
    CHR Extension: (Google Drive) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-07]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
    CHR Extension: (YouTube) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07]
    CHR Extension: (Google Search) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07]
    CHR Extension: (SiteAdvisor) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-10-20]
    CHR Extension: (RealDownloader) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-07]
    CHR Extension: (Google Wallet) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-10-20]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-10-20]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 Apache2.2; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-07] (BitRaider, LLC)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
    R2 dsl-db; C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
    R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [31856 2010-02-14] (Arainia Solutions) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127224 2013-04-23] ()
    R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-04-23] ()
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
    S2 fd8830a9; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\sayescoupon\sayescoupon.dll",serv
    S2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [X]
     
  17. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    S1 Beep; No ImagePath
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
    R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [32840 2010-02-14] (Arainia Solutions LLC)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [153600 2010-12-15] (HTC Corporation)
    R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
    S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [146312 2009-02-13] (NCP Engineering GmbH)
    R1 omci; C:\Windows\System32\DRIVERS\omci.sys [26112 2008-08-21] (Dell Inc.)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-07] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2007-04-19] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2007-04-19] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2007-04-19] (LG Electronics Inc.)
    S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
    S3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-04-02] (Check Point Software Technologies)
    S3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2009-04-02] (Check Point Software Technologies)
    S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
    S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz132; \??\C:\Users\Marie\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
    U2 CP_OMDRV; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    U2 VNASC; No ImagePath
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-03-07 19:26 - 2015-03-07 19:29 - 00042585 _____ () C:\Users\Marie\Desktop\FRST.txt
    2015-03-07 19:25 - 2015-03-07 19:27 - 00000000 ____D () C:\FRST
    2015-03-07 19:09 - 2015-03-07 19:09 - 02094592 _____ (Farbar) C:\Users\Marie\Desktop\FRST64.exe
    2015-03-07 19:05 - 2015-03-07 19:05 - 00004089 _____ () C:\Users\Marie\Desktop\JRT.txt
    2015-03-07 18:50 - 2015-03-07 18:50 - 01388333 _____ (Thisisu) C:\Users\Marie\Desktop\JRT.exe
    2015-03-07 18:50 - 2015-03-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-03-07 17:55 - 2015-03-07 17:55 - 02126848 _____ () C:\Users\Marie\Desktop\adwcleaner_4.111.exe
    2015-03-07 17:06 - 2015-03-07 17:06 - 00042664 _____ () C:\ComboFix.txt
    2015-03-07 16:23 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-03-07 16:23 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-03-07 16:23 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-03-07 16:23 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-03-07 16:23 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-03-07 16:23 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-03-07 16:23 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-03-07 16:23 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-03-07 11:42 - 2015-03-07 12:15 - 00000000 ____D () C:\Users\Marie\Desktop\mbar
    2015-03-07 11:41 - 2015-03-07 11:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marie\Desktop\mbar-1.09.1.1004.exe
    2015-03-07 10:58 - 2015-03-07 10:59 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-07 10:58 - 2015-03-07 10:59 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-07 10:57 - 2015-03-07 10:58 - 15568472 _____ () C:\Users\Marie\Desktop\RogueKiller.exe
    2015-03-07 10:22 - 2015-03-07 10:22 - 00030231 _____ () C:\Users\Marie\Desktop\dds.txt
    2015-03-07 10:22 - 2015-03-07 10:22 - 00016234 _____ () C:\Users\Marie\Desktop\attach.txt
    2015-03-07 10:20 - 2015-03-07 10:20 - 00688992 ____R (Swearware) C:\Users\Marie\Desktop\dds.com
    2015-03-07 10:13 - 2015-03-07 10:13 - 00012768 _____ () C:\mbam.txt
    2015-02-26 01:18 - 2015-03-07 09:59 - 00000000 ____D () C:\Program Files (x86)\Jobisjob Alerts
    2015-02-25 18:30 - 2015-02-25 18:30 - 00583921 _____ () C:\Users\Marie\Desktop\Aether Mod Installer.zip
    2015-02-25 18:29 - 2015-02-25 18:29 - 01169408 _____ () C:\Users\Marie\Desktop\Aether Mod Installer.exe
    2015-02-20 03:17 - 2015-03-07 09:59 - 00000000 ____D () C:\Program Files (x86)\SiteLauncher
    2015-02-20 02:58 - 2015-03-07 09:59 - 00000000 ____D () C:\Program Files (x86)\Omnifinder
    2015-02-18 20:04 - 2015-02-18 20:04 - 00001061 _____ () C:\Users\Marie\Desktop\mbam.txt
    2015-02-18 20:00 - 2015-02-18 20:01 - 00000000 ____D () C:\Users\Marie\Desktop\Corolla
    2015-02-18 11:05 - 2015-02-18 11:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Marie\Desktop\mbam-setup-2.0.4.1028.exe
    2015-02-18 10:47 - 2015-03-05 17:09 - 00000020 _____ () C:\Users\Marie\AppData\Roaming\appdataFr3.bin
    2015-02-13 03:33 - 2015-02-13 03:32 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-02-13 03:33 - 2015-02-13 03:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-02-13 03:33 - 2015-02-13 03:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-02-13 03:33 - 2015-02-13 03:32 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2015-02-13 03:32 - 2015-02-13 03:32 - 00000000 ____D () C:\Program Files\Java
    2015-02-13 03:30 - 2015-02-13 03:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-13 03:30 - 2015-02-13 03:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-02-13 03:30 - 2015-02-13 03:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-02-13 03:30 - 2015-02-13 03:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-02-13 03:28 - 2015-02-13 03:28 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-12 16:40 - 2015-02-12 16:40 - 00000000 ____D () C:\Program Files (x86)\Facebook Image Zoom and Downloader
    2015-02-12 16:38 - 2015-02-18 20:04 - 00000000 ____D () C:\ProgramData\{c4b73411-ea95-7132-c4b7-73411ea9d047}
    2015-02-12 14:45 - 2015-02-12 17:19 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\.evanMCLauncher
    2015-02-12 04:07 - 2015-01-22 21:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 04:07 - 2015-01-22 20:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-12 04:07 - 2015-01-22 20:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-12 04:07 - 2015-01-22 19:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-02-12 03:29 - 2015-01-08 17:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-12 03:29 - 2014-12-07 18:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-12 03:29 - 2014-12-07 18:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-12 03:29 - 2014-11-25 19:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-12 03:29 - 2014-11-25 18:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-12 03:18 - 2015-01-12 18:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-12 03:18 - 2015-01-12 18:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-12 03:13 - 2015-02-12 03:14 - 01373310 _____ () C:\Windows\dd_vstor40_x64MSI0966.txt
    2015-02-12 03:13 - 2015-02-12 03:14 - 00020366 _____ () C:\Windows\dd_vstor40_x64UI0966.txt
    2015-02-12 03:13 - 2015-01-14 23:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-12 03:13 - 2015-01-14 21:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 04:16 - 2015-01-13 19:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 04:16 - 2015-01-13 18:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 04:16 - 2015-01-13 18:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-11 04:15 - 2015-01-13 20:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 04:15 - 2015-01-13 19:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 04:15 - 2015-01-13 19:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-11 04:15 - 2015-01-13 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 04:15 - 2015-01-13 19:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 04:15 - 2015-01-13 19:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 04:15 - 2015-01-13 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 04:15 - 2015-01-13 19:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-02-11 04:15 - 2015-01-13 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 04:15 - 2015-01-13 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 04:15 - 2015-01-13 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 04:15 - 2015-01-13 19:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 04:15 - 2015-01-13 19:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 04:15 - 2015-01-13 19:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 04:15 - 2015-01-13 19:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 04:15 - 2015-01-13 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 04:15 - 2015-01-13 19:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-02-11 04:15 - 2015-01-13 19:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-02-11 04:15 - 2015-01-13 19:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-02-11 04:15 - 2015-01-13 18:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 04:15 - 2015-01-13 18:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-02-11 04:15 - 2015-01-13 18:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 04:15 - 2015-01-13 18:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 04:15 - 2015-01-13 18:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-11 04:15 - 2015-01-13 18:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 04:15 - 2015-01-13 18:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 04:15 - 2015-01-13 18:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 04:15 - 2015-01-13 18:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 04:15 - 2015-01-13 18:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-02-11 04:15 - 2015-01-13 18:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-11 04:15 - 2015-01-13 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 04:15 - 2015-01-13 18:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 04:15 - 2015-01-13 18:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 04:15 - 2015-01-13 18:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 04:15 - 2015-01-13 18:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-02-11 04:15 - 2015-01-13 18:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-02-11 04:15 - 2015-01-13 18:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-02-05 06:16 - 2015-03-07 19:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0.job
    2015-02-05 06:16 - 2015-02-05 06:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-03-07 19:27 - 2009-05-19 20:06 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3D20B27D-5952-4385-9DD3-9C5235C92FFE}.job
    2015-03-07 19:21 - 2014-11-14 01:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2.job
    2015-03-07 19:16 - 2014-05-08 00:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56.job
    2015-03-07 19:05 - 2009-05-07 11:02 - 01365469 _____ () C:\Windows\WindowsUpdate.log
    2015-03-07 18:58 - 2012-04-11 07:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-07 18:50 - 2013-10-20 13:48 - 00001753 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
    2015-03-07 18:48 - 2011-04-21 15:29 - 00000000 ___RD () C:\Users\Marie\Dropbox
    2015-03-07 18:48 - 2011-04-21 15:10 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\Dropbox
    2015-03-07 18:46 - 2014-06-13 03:22 - 00036680 _____ () C:\Windows\SecuniaPackage.log
    2015-03-07 18:46 - 2014-05-27 18:41 - 00000863 _____ () C:\Users\Public\Desktop\VLC media player.lnk
    2015-03-07 18:46 - 2006-11-02 08:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2015-03-07 18:42 - 2014-12-18 21:48 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002
    2015-03-07 18:42 - 2014-12-18 21:48 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002
    2015-03-07 18:42 - 2009-05-16 20:41 - 00000000 ____D () C:\ProgramData\TEMP
    2015-03-07 18:41 - 2014-06-21 09:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500.job
    2015-03-07 18:40 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-07 18:17 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-07 18:17 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-07 18:12 - 2013-04-27 21:39 - 00756144 _____ () C:\Windows\PFRO.log
    2015-03-07 18:08 - 2009-05-07 11:02 - 00002140 _____ () C:\Windows\bthservsdp.dat
    2015-03-07 18:08 - 2006-11-02 08:42 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-03-07 18:04 - 2014-05-25 19:37 - 00000000 ____D () C:\AdwCleaner
    2015-03-07 17:06 - 2014-05-25 19:01 - 00000000 ____D () C:\Qoobox
    2015-03-07 17:06 - 2014-01-18 19:15 - 00000000 ____D () C:\Users\Marie\AppData\Local\Apps\2.0
    2015-03-07 17:02 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
    2015-03-07 15:09 - 2011-06-03 11:32 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E20016A9-FAB2-47E1-AB21-0D7A8DF34D7A}
    2015-03-07 14:40 - 2009-05-16 20:42 - 00000000 ____D () C:\Users\RA Media Server
    2015-03-07 12:15 - 2013-06-21 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-03-07 11:42 - 2014-05-14 19:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-07 11:42 - 2014-05-14 19:32 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-07 10:03 - 2013-10-20 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2015-03-03 17:34 - 2014-03-11 13:43 - 00000000 ____D () C:\Users\Marie\AppData\Local\CrashDumps
    2015-03-02 15:26 - 2010-02-13 20:41 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2015-03-02 14:39 - 2012-02-13 22:03 - 00000000 ____D () C:\Users\Marie\Documents\Rentals
    2015-02-21 20:34 - 2015-01-22 17:58 - 00000070 _____ () C:\Users\Marie\.atl.properties
    2015-02-20 12:58 - 2014-09-22 19:46 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002
    2015-02-20 12:58 - 2014-09-22 19:46 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002
    2015-02-19 23:22 - 2015-01-19 15:52 - 00000844 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-02-19 18:13 - 2013-10-12 00:18 - 00000000 ____D () C:\Users\Marie\Desktop\Minecraft
    2015-02-18 20:05 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\tracing
    2015-02-18 20:04 - 2014-03-21 00:26 - 00000000 ____D () C:\Users\RA Media Server\AppData\Local\CrashDumps
    2015-02-18 20:04 - 2013-11-27 19:32 - 00000000 ____D () C:\Program Files\CamStudio 2.7
    2015-02-18 11:07 - 2014-05-14 19:33 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-18 11:07 - 2014-05-14 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-17 15:53 - 2009-05-26 09:36 - 00000000 ____D () C:\Users\Marie\Documents\Quicken
    2015-02-15 22:51 - 2013-09-04 17:35 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\.aether
    2015-02-15 12:41 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-15 12:38 - 2013-05-09 17:51 - 00037113 _____ () C:\Windows\setupact.log
    2015-02-13 13:01 - 2012-09-27 08:02 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-12 21:40 - 2011-10-01 20:41 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\.minecraft
    2015-02-12 21:30 - 2013-09-02 09:16 - 00000000 ____D () C:\Minecraft_Backup
    2015-02-12 16:58 - 2013-09-14 22:19 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\.technic
    2015-02-12 03:49 - 2006-11-02 08:21 - 00482280 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 03:48 - 2014-04-02 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-12 03:29 - 2009-06-01 16:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-12 03:29 - 2006-11-02 05:34 - 00000262 _____ () C:\Windows\win.ini
    2015-02-12 03:13 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-12 03:02 - 2006-11-02 05:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-02-05 07:58 - 2012-04-11 07:02 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-05 06:58 - 2012-04-11 07:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 06:58 - 2011-06-08 09:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 06:16 - 2014-11-14 01:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2
    2015-02-05 06:16 - 2014-06-21 09:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500
    ==================== Files in the root of some directories =======
    2011-08-22 21:00 - 2011-08-22 21:00 - 0000272 _____ () C:\Users\Marie\AppData\Roaming\.backup.dm
    2015-02-18 10:47 - 2015-03-05 17:09 - 0000020 _____ () C:\Users\Marie\AppData\Roaming\appdataFr3.bin
    2013-11-27 19:44 - 2013-11-27 19:44 - 0000125 _____ () C:\Users\Marie\AppData\Roaming\Camdata.ini
    2013-11-27 19:44 - 2013-11-27 19:44 - 0000408 _____ () C:\Users\Marie\AppData\Roaming\CamLayout.ini
    2013-11-27 19:44 - 2013-11-27 19:44 - 0000408 _____ () C:\Users\Marie\AppData\Roaming\CamShapes.ini
    2013-11-27 19:44 - 2013-11-27 19:44 - 0004536 _____ () C:\Users\Marie\AppData\Roaming\CamStudio.cfg
    2009-08-09 19:16 - 2012-12-31 14:48 - 0007859 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.cat
    2009-08-09 19:16 - 2012-12-31 14:48 - 0001167 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.inf
    2009-08-09 19:16 - 2012-12-31 14:48 - 0000033 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.log
    2009-08-09 19:16 - 2012-12-31 14:48 - 0082816 _____ (VSO Software) C:\Users\Marie\AppData\Roaming\pcouffin.sys
    2010-01-26 22:32 - 2010-01-26 22:32 - 0017043 _____ () C:\Users\Marie\AppData\Roaming\UserTile.png
    2013-11-27 19:33 - 2013-11-27 19:33 - 0000096 _____ () C:\Users\Marie\AppData\Roaming\version2.xml
    2013-12-22 08:13 - 2014-03-30 00:33 - 0000154 _____ () C:\Users\Marie\AppData\Roaming\WB.CFG
    2009-06-01 16:04 - 2014-05-15 17:40 - 0009322 _____ () C:\Users\Marie\AppData\Roaming\wklnhst.dat
    2013-11-17 10:52 - 2014-07-18 23:08 - 0001460 _____ () C:\Users\Marie\AppData\Local\d3d9caps64.dat
    2013-07-14 15:14 - 2015-01-18 10:40 - 0018944 _____ () C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-10-18 17:44 - 2013-10-18 17:44 - 0156520 _____ () C:\Users\Marie\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2013-10-18 17:44 - 2013-10-18 17:44 - 0000002 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35error.txt
    2013-10-18 17:44 - 2013-10-18 17:45 - 0465968 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35install.txt
    2013-10-18 17:45 - 2013-10-18 17:45 - 2823280 _____ () C:\Users\Marie\AppData\Local\dd_NET_Framework35_x64_MSI0834.txt
    2013-07-07 21:22 - 2013-07-07 21:22 - 0392148 _____ () C:\Users\Marie\AppData\Local\dd_vcredistMSI3EDC.txt
    2013-07-07 21:22 - 2013-07-07 21:22 - 0013534 _____ () C:\Users\Marie\AppData\Local\dd_vcredistUI3EDC.txt
    2013-03-09 18:52 - 2013-10-18 17:45 - 0029644 _____ () C:\Users\Marie\AppData\Local\uxeventlog.txt
    2012-12-31 14:14 - 2012-12-31 14:14 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-11-25 18:56 - 2010-11-25 18:56 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    Files to move or delete:
    ====================
    C:\Users\Marie\jagex_runescape_preferences.dat
    C:\Users\Marie\jagex_runescape_preferences2.dat
    C:\Users\Public\WLC_011296735611.dat

    Some content of TEMP:
    ====================
    C:\Users\Marie\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmperbae7.dll
    C:\Users\Marie\AppData\Local\temp\Quarantine.exe
    C:\Users\Marie\AppData\Local\temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-03-07 18:52
    ==================== End Of Log ============================
     
  18. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
    Ran by Marie at 2015-03-07 19:29:56
    Running from C:\Users\Marie\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    64 bit Windows Card Reader Driver (HKLM-x32\...\{58192647-B4DD-45E1-9C3C-1614B4A03897}) (Version: 1.1.0.0 - TEAC)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.16.3 - Mirillis)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
    AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
    Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
    AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - )
    AOL Toolbar (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\AOL Toolbar) (Version: - )
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0917.0336 - )
    Avidemux 2.6 (HKLM-x32\...\Avidemux 2.6 (64-bit)) (Version: 2.6.1.8321 - )
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CamStudio (HKLM-x32\...\CamStudio) (Version: - )
    CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
    Canon MP Navigator 2.2 (HKLM-x32\...\MP Navigator 2.2) (Version: - )
    Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - )
    ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
    Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Consumer Input Chrome Extension (remove only) (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Consumer Input Chrome Extension) (Version: 3.1.0.84 - Compete Inc.) <==== ATTENTION
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    Dell Client Configuration Utility - Powered by Altiris (HKLM-x32\...\{5CDEC102-451E-4D1D-A091-9D93F41532F5}) (Version: 3.0.1213.0 - Altiris)
    Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
    Dell System Detect (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
    Dropbox (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Dropbox) (Version: 1.6.11 - Dropbox, Inc.)
    Dropbox (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    EA Download Manager (HKLM-x32\...\EADM) (Version: 7.2.0.32 - Electronic Arts, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
    Facebook Image Zoom and Downloader (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
    Five Nights at Freddy's DEMO (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Five Nights at Freddy's DEMO) (Version: - )
    GCalc 3 (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\GCalc 3) (Version: - gcalc.net)
    GIMP 2.6.7 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
    GIMPshop 2.2.8 (HKLM-x32\...\GIMPshop) (Version: 2.2.8 - The GIMP team (hack by Scott Moschella))
    Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google SketchUp 8 (HKLM-x32\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}) (Version: 4.1.3.13728 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
    Hauppauge MCE XP/Vista Software Encoder (2.0.26057) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.26057 - Hauppauge Computer Works, Inc.)
    Hauppauge WinTV (HKLM-x32\...\Hauppauge WinTV) (Version: - )
    Hauppauge WinTV Soft PVR (HKLM-x32\...\Hauppauge WinTV Soft PVR) (Version: - )
    Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
    Horizon v2.7.3.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.3.0 - Daring Development Inc.)
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5848A26C-E4BC-4A13-AA8D-810BA344475A}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
    HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
    Intel(R) Network Connections 13.1.33.0 (HKLM\...\PROSetDX) (Version: 13.1.33.0 - Intel)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    InterVideo FilterSDK for Hauppauge (HKLM-x32\...\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}) (Version: - InterVideo Inc.)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
    Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
    JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KeePass Password Safe 1.21 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.21 - Dominik Reichl)
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.7 - LG Electronics)
    Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.6.0.8 - Logitech)
    Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
    Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    Luxor 2 (remove only) (HKLM-x32\...\Luxor2) (Version: - )
    magicJack (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft ASP.NET 2.0 AJAX Extensions 1.0 (HKLM-x32\...\{082BDF7B-4810-4599-BF0D-E3AC44EC8524}) (Version: 1.0.61025 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
    Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
    Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Move Media Player (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Move Media Player) (Version: - Move Networks)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MPlayer (remove only) (HKLM-x32\...\MPlayer) (Version: - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
    Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
    Open Workbench (HKLM-x32\...\{1E9A9E08-0366-45EE-9B66-51852F8D9812}) (Version: 1.1.6 - CA)
    OpenOffice.org 3.2 (HKLM-x32\...\{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}) (Version: 3.2.9502 - OpenOffice.org)
    oPryzeLP MC360 Mod Tool (HKLM-x32\...\oPryzeLP MC360 Mod Tool) (Version: - )
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
    Presto! PageManager 7.15.14 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
    Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.4.14 - Intuit)
    Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
    RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5783 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
    ROBLOX Player for Marie (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    ROBLOX Player for Marie (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
    Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
    SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 2 - SAP)
    ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
    Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Serif PagePlus SE 1.0 (HKLM-x32\...\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}) (Version: 1.00 - Serif)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
    Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
    Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
    SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
    Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Snagit 11 (HKLM-x32\...\{E724600B-5568-47C7-ACDF-490D366719E2}) (Version: 11.4.0 - TechSmith Corporation)
    SNC Client Encryption (HKLM-x32\...\SAP Channel Encryption) (Version: - SAP AG)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.25 - Bioware/EA)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
    The Sims Carnival SnapCity (HKLM-x32\...\{DF0B1D6F-DEC5-4831-00B7-FC2ACB464C31}) (Version: - Electronic Arts)
    The Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version: - )
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.15.34 - Electronic Arts)
    Unity Web Player (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software)
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WIDCOMM Bluetooth Software 6.0.1.4303 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4303 - Dell)
    WinDirStat 1.1.2 (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\WinDirStat) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
    WModem_Installer (HKLM-x32\...\{4AFCAB25-A7BB-4C07-9EBD-291B0FC0E69D}) (Version: 2.19.0.0 - HTC)

    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RA Media Server\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\RA Media Server\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevat (the data entry has 14 more characters).
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{FE0D8F60-5A07-40a1-85EC-4FFB7E0F2306}\localserver32 -> C:\Users\RA Media Server\AppData\Local\Roblox\Versions\version-037c042a4c1b49fd\RobloxApp.exe No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Marie\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FE0D8F60-5A07-40a1-85EC-4FFB7E0F2306}\localserver32 -> C:\Users\Marie\AppData\Local\Roblox\Versions\version-037c042a4c1b49fd\RobloxApp.exe (ROBLOX Corporation)

    ==================== Restore Points =========================
    20-02-2015 00:00:01 Scheduled Checkpoint
    21-02-2015 00:00:01 Scheduled Checkpoint
    22-02-2015 00:00:03 Scheduled Checkpoint
    28-02-2015 06:51:55 Scheduled Checkpoint
    01-03-2015 00:00:01 Scheduled Checkpoint
    07-03-2015 11:21:45 After Rogue Killer, Before MBAR, 20150307 112100

    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2006-11-02 05:34 - 2015-03-07 17:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
     
  19. Marie Olgin

    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {13E5A490-7A17-4438-81ED-3A165EFA8BDC} - System32\Tasks\{A882F562-992F-42F7-A7FE-232AC52C78B4} => pcalua.exe -a "C:\Remote Programs\Cradle of Rome\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=554750;name=Cradle of Rome;dir=C:\Remote Programs\Cradle of Rome\;prvid=143;cmdid=1;prvdir=Default
    Task: {271E0AE3-70F5-4100-AB4F-85FC4181BC30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {29FCA22B-A48B-40A6-A3DE-A593578875B4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
    Task: {311CA17E-8B32-4464-8858-CE00765D2FAA} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2010-02-14] (Arainia Solutions)
    Task: {364769BA-4B96-423E-854A-FB9D3CA79A68} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
    Task: {37B6C963-155C-4216-8373-3FFCDC07FB17} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
    Task: {383866BB-D42A-454A-BB88-B2F23F2EB7CB} - System32\Tasks\{C967AFD9-DD7B-4567-BDF6-24FAB0298C02} => pcalua.exe -a C:\Users\Marie\Downloads\BATKUSETUP.EXE -d C:\Users\Marie\Downloads
    Task: {3A8743B6-D1D7-4A89-A9A9-293374589848} - System32\Tasks\Total Domination => chrome.exe
    Task: {69EA1084-F492-432D-ABB8-B3B3E3BA9A0D} - System32\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {729EAEC5-C513-4458-A74D-0733507878AE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
    Task: {787746BC-E92A-4616-9AD0-E7B9FF20133F} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
    Task: {864932AB-EFB9-4612-9DB8-7495C9000C2C} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {8719A7DC-B4DB-4880-867D-137694D0357E} - System32\Tasks\Total Domination t => chrome.exe
    Task: {8979E046-11EA-428A-9957-D6B6C3B66DC1} - System32\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {8D5CC6E7-3A95-4AA7-946E-C04DB98D1C6D} - System32\Tasks\{07CBC3BD-CA72-46DE-BCB2-E391316454A6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {A1619FFD-D3F7-40FA-83DD-514B145D022E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
    Task: {A76A2175-48BF-458F-933C-257634DF1254} - System32\Tasks\{E0CAEB8C-F9D7-4F55-9D29-204D8AF61223} => pcalua.exe -a C:\Users\Marie\Downloads\DCCU_3.0_A01.exe -d C:\Users\Marie\Downloads
    Task: {AD5997DE-1123-4FFD-9E9C-25BCC0F8E534} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {BBE1556A-F372-4C50-A309-D14B12E34E64} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Marie => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
    Task: {BDD1000B-4236-4D5B-AAF4-F5D3DC5384A0} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {BF9B3EB5-318D-4960-B46D-60F3CE897746} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
    Task: {C2421DD2-2D5E-4164-B668-B758336221DA} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {D0E8DDA6-AE36-451E-B16B-8794545E80CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {DA76FBD0-B8B3-4D46-8460-9A0ECFC5617C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {F732E6F6-40B4-4FFC-8746-5EAA4CFC09F6} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {F75A28C2-0B9F-45D0-BF88-3D3EC60D6577} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
    Task: {FA00FEE3-35B2-4E74-9F76-28A734E3755F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {FD836EDE-E64F-4629-B47E-F5C806160648} - System32\Tasks\{9BBF7C36-045C-460E-82BE-24B692D85163} => pcalua.exe -a C:\Users\Marie\Downloads\mpnmp530win222ea13.exe -d C:\Windows\system32
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\User_Feed_Synchronization-{3D20B27D-5952-4385-9DD3-9C5235C92FFE}.job => C:\Windows\system32\msfeedssync.exe
    ==================== Loaded Modules (whitelisted) ==============
    2009-05-07 18:26 - 2008-10-17 03:24 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
    2007-09-14 11:35 - 2007-09-14 11:35 - 05730304 _____ () C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    2013-04-23 18:55 - 2013-04-23 18:55 - 01127224 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
    2013-04-15 20:06 - 2013-04-15 20:06 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
    2013-04-15 20:06 - 2013-04-15 20:06 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
    2013-04-15 20:06 - 2013-04-15 20:06 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
    2013-04-15 20:06 - 2013-04-15 20:06 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
    2013-04-23 16:40 - 2013-04-23 16:40 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
    2013-04-15 20:07 - 2013-04-15 20:07 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
    2013-04-15 20:07 - 2013-04-15 20:07 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
    2013-04-23 16:40 - 2013-04-23 16:40 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
    2013-04-15 20:06 - 2013-04-15 20:06 - 00639488 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
    2013-04-23 18:55 - 2013-04-23 18:55 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
    2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2010-09-20 18:23 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    2008-07-15 16:46 - 2008-07-15 16:46 - 00476160 _____ () C:\Windows\system32\btwhidcs.DLL
    2008-07-15 16:57 - 2008-07-15 16:57 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2014-10-15 03:46 - 2014-10-15 03:46 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\fb06a0d5c2df42cca4a5c8ef48ff1ca7\VistaBridgeLibrary.ni.dll
    2010-09-20 18:23 - 2006-09-19 16:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    2009-05-07 16:19 - 2009-05-07 16:19 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    2008-09-10 08:46 - 2008-09-10 08:46 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2013-09-25 12:32 - 2013-09-25 12:32 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
    2008-05-19 14:47 - 2008-05-19 14:47 - 00450560 _____ () C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
    2007-09-21 11:32 - 2007-09-21 11:32 - 02035712 _____ () C:\Program Files (x86)\Common Files\Dell\apache\LIBMYSQL.dll
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-09-24 05:27 - 2007-09-24 05:27 - 02035712 _____ () C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\LIBMYSQL.dll
    2015-02-10 14:00 - 2015-02-10 14:00 - 00750080 _____ () C:\Users\Marie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-03-07 18:46 - 2015-03-07 18:46 - 00043008 _____ () c:\users\marie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmperbae7.dll
    2015-02-10 14:00 - 2015-02-10 14:00 - 00047616 _____ () C:\Users\Marie\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-02-10 14:00 - 2015-02-10 14:00 - 00865280 _____ () C:\Users\Marie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-02-10 14:00 - 2015-02-10 14:00 - 00200704 _____ () C:\Users\Marie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    ==================== EXE Association (whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img35.jpg
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gizmo.lnk => C:\Windows\pss\Gizmo.lnk.CommonStartup
    MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
    MSCONFIG\startupreg: GizmoDriveDelegate => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
    MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    ==================== Accounts: =============================
    Administrator (S-1-5-21-2355649138-3362126530-1860452381-500 - Administrator - Disabled)
    Gilbert (S-1-5-21-2355649138-3362126530-1860452381-1003 - Limited - Enabled) => C:\Users\Gilbert
    Guest (S-1-5-21-2355649138-3362126530-1860452381-501 - Limited - Enabled)
    John (S-1-5-21-2355649138-3362126530-1860452381-1004 - Limited - Enabled) => C:\Users\John
    Lancee (S-1-5-21-2355649138-3362126530-1860452381-1005 - Limited - Enabled) => C:\Users\Lancee
    Marie (S-1-5-21-2355649138-3362126530-1860452381-1002 - Administrator - Enabled) => C:\Users\Marie
    Mcx1 (S-1-5-21-2355649138-3362126530-1860452381-1009 - Administrator - Enabled) => C:\Users\Mcx1
    RA Media Server (S-1-5-21-2355649138-3362126530-1860452381-1001 - Administrator - Enabled) => C:\Users\RA Media Server
    ==================== Faulty Device Manager Devices =============
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Tun Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunmp
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: Shrew Soft Virtual Adapter
    Description: Shrew Soft Virtual Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Shrew Soft
    Service: vnet
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-07 19:29:38.236
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-03-07 19:29:37.921
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-03-07 19:29:37.694
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-03-07 19:29:37.423
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-03-07 18:40:32.223
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vnaap.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-03-07 18:40:31.989
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vnaap.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-03-07 17:00:06.194
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-03-07 17:00:05.967
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-03-07 17:00:05.748
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-03-07 17:00:05.525
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
    Percentage of memory in use: 45%
    Total physical RAM: 6134.26 MB
    Available physical RAM: 3318.97 MB
    Total Pagefile: 12381.98 MB
    Available Pagefile: 9300.71 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:450.69 GB) (Free:4.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:6.94 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: EFAA31F4)
    Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Uninstall:

    Consumer Input Chrome Extension
    Facebook Image Zoom and Downloader


    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  21. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
    Ran by Marie at 2015-03-08 09:07:47 Run:1
    Running from C:\Users\Marie\Desktop
    Loaded Profiles: RA Media Server & Marie (Available profiles: RA Media Server & Marie & Gilbert & John & Lancee & Mcx1)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {01191ed9-0ab2-11e1-9ec3-001e4ce6a070} - M:\TL-Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {1efcc887-cadc-11e0-ae91-001e4ce6a070} - L:\TL_Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {672e82eb-8e03-11e0-9279-f2ded128ae64} - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {77bf3be5-4b57-11e2-a3fa-001e4ce6a070} - L:\MotoCastSetup.exe -a
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {8c727fea-674b-11e0-9b57-001e4ce6a070} - K:\TL_Bootstrap.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {c16adad5-3b30-11de-af16-806e6f6e6963} - E:\RunGame.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {c16adad6-3b30-11de-af16-806e6f6e6963} - F:\Autorun.exe
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {d776dd1a-b0ef-11e1-8676-001e4ce6a070} - G:\TL_Bootstrap.exe
    GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1004\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1003\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
    Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Filter: application/octet-stream - No CLSID Value
    Filter: application/x-complus - No CLSID Value
    Filter: application/x-msdownload - No CLSID Value
    S2 fd8830a9; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\sayescoupon\sayescoupon.dll",serv
    S2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [X]
    c:\Program Files (x86)\sayescoupon
    S1 Beep; No ImagePath
    S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
    S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz132; \??\C:\Users\Marie\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
    U2 CP_OMDRV; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    U2 VNASC; No ImagePath
    2011-08-22 21:00 - 2011-08-22 21:00 - 0000272 _____ () C:\Users\Marie\AppData\Roaming\.backup.dm
    2015-02-18 10:47 - 2015-03-05 17:09 - 0000020 _____ () C:\Users\Marie\AppData\Roaming\appdataFr3.bin
    2013-11-27 19:44 - 2013-11-27 19:44 - 0000125 _____ () C:\Users\Marie\AppData\Roaming\Camdata.ini
    2013-11-27 19:44 - 2013-11-27 19:44 - 0000408 _____ () C:\Users\Marie\AppData\Roaming\CamLayout.ini
    2013-11-27 19:44 - 2013-11-27 19:44 - 0000408 _____ () C:\Users\Marie\AppData\Roaming\CamShapes.ini
    2013-11-27 19:44 - 2013-11-27 19:44 - 0004536 _____ () C:\Users\Marie\AppData\Roaming\CamStudio.cfg
    2009-08-09 19:16 - 2012-12-31 14:48 - 0007859 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.cat
    2009-08-09 19:16 - 2012-12-31 14:48 - 0001167 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.inf
    2009-08-09 19:16 - 2012-12-31 14:48 - 0000033 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.log
    2009-08-09 19:16 - 2012-12-31 14:48 - 0082816 _____ (VSO Software) C:\Users\Marie\AppData\Roaming\pcouffin.sys
    2010-01-26 22:32 - 2010-01-26 22:32 - 0017043 _____ () C:\Users\Marie\AppData\Roaming\UserTile.png
    2013-11-27 19:33 - 2013-11-27 19:33 - 0000096 _____ () C:\Users\Marie\AppData\Roaming\version2.xml
    2013-12-22 08:13 - 2014-03-30 00:33 - 0000154 _____ () C:\Users\Marie\AppData\Roaming\WB.CFG
    2009-06-01 16:04 - 2014-05-15 17:40 - 0009322 _____ () C:\Users\Marie\AppData\Roaming\wklnhst.dat
    2013-11-17 10:52 - 2014-07-18 23:08 - 0001460 _____ () C:\Users\Marie\AppData\Local\d3d9caps64.dat
    2013-07-14 15:14 - 2015-01-18 10:40 - 0018944 _____ () C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-10-18 17:44 - 2013-10-18 17:44 - 0156520 _____ () C:\Users\Marie\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2013-10-18 17:44 - 2013-10-18 17:44 - 0000002 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35error.txt
    2013-10-18 17:44 - 2013-10-18 17:45 - 0465968 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35install.txt
    2013-10-18 17:45 - 2013-10-18 17:45 - 2823280 _____ () C:\Users\Marie\AppData\Local\dd_NET_Framework35_x64_MSI0834.txt
    2013-07-07 21:22 - 2013-07-07 21:22 - 0392148 _____ () C:\Users\Marie\AppData\Local\dd_vcredistMSI3EDC.txt
    2013-07-07 21:22 - 2013-07-07 21:22 - 0013534 _____ () C:\Users\Marie\AppData\Local\dd_vcredistUI3EDC.txt
    2013-03-09 18:52 - 2013-10-18 17:45 - 0029644 _____ () C:\Users\Marie\AppData\Local\uxeventlog.txt
    2012-12-31 14:14 - 2012-12-31 14:14 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-11-25 18:56 - 2010-11-25 18:56 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    C:\Users\Marie\jagex_runescape_preferences.dat
    C:\Users\Marie\jagex_runescape_preferences2.dat
    C:\Users\Public\WLC_011296735611.dat
    C:\Users\Marie\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmperbae7.dll
    C:\Users\Marie\AppData\Local\temp\Quarantine.exe
    C:\Users\Marie\AppData\Local\temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RA Media Server\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
    Task: {364769BA-4B96-423E-854A-FB9D3CA79A68} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
    Task: {C2421DD2-2D5E-4164-B668-B758336221DA} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

    *****************
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01191ed9-0ab2-11e1-9ec3-001e4ce6a070}" => Key deleted successfully.
    HKCR\CLSID\{01191ed9-0ab2-11e1-9ec3-001e4ce6a070} => Key not found.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1efcc887-cadc-11e0-ae91-001e4ce6a070}" => Key deleted successfully.
    HKCR\CLSID\{1efcc887-cadc-11e0-ae91-001e4ce6a070} => Key not found.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672e82eb-8e03-11e0-9279-f2ded128ae64}" => Key deleted successfully.
    HKCR\CLSID\{672e82eb-8e03-11e0-9279-f2ded128ae64} => Key not found.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77bf3be5-4b57-11e2-a3fa-001e4ce6a070}" => Key deleted successfully.
    HKCR\CLSID\{77bf3be5-4b57-11e2-a3fa-001e4ce6a070} => Key not found.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c727fea-674b-11e0-9b57-001e4ce6a070}" => Key deleted successfully.
    HKCR\CLSID\{8c727fea-674b-11e0-9b57-001e4ce6a070} => Key not found.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c16adad5-3b30-11de-af16-806e6f6e6963}" => Key deleted successfully.
    HKCR\CLSID\{c16adad5-3b30-11de-af16-806e6f6e6963} => Key not found.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c16adad6-3b30-11de-af16-806e6f6e6963}" => Key deleted successfully.
    HKCR\CLSID\{c16adad6-3b30-11de-af16-806e6f6e6963} => Key not found.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d776dd1a-b0ef-11e1-8676-001e4ce6a070}" => Key deleted successfully.
    HKCR\CLSID\{d776dd1a-b0ef-11e1-8676-001e4ce6a070} => Key not found.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1005\User => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1004\User => Moved successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1003\User => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key deleted successfully.
    HKCR\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} => Key not found.
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} => value deleted successfully.
    HKCR\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326} => Key not found.
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} => value deleted successfully.
    HKCR\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326} => Key not found.
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
    HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
    HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
    HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Key not found.
    HKCR\PROTOCOLS\Filter\Filter: application/octet-stream - No CLSID Value => Key not found.
    HKCR\PROTOCOLS\Filter\Filter: application/x-complus - No CLSID Value => Key not found.
    HKCR\PROTOCOLS\Filter\Filter: application/x-msdownload - No CLSID Value => Key not found.
    fd8830a9 => Service deleted successfully.
    TracSrvWrapper => Service deleted successfully.
    "c:\Program Files (x86)\sayescoupon" => File/Directory not found.
    Beep => Service deleted successfully.
    AVGIDSHA => Service deleted successfully.
    BRDriver64 => Service deleted successfully.
    catchme => Service deleted successfully.
    cpuz132 => Service deleted successfully.
    CP_OMDRV => Service deleted successfully.
    IpInIp => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    VNASC => Service deleted successfully.
    C:\Users\Marie\AppData\Roaming\.backup.dm => Moved successfully.
    C:\Users\Marie\AppData\Roaming\appdataFr3.bin => Moved successfully.
    C:\Users\Marie\AppData\Roaming\Camdata.ini => Moved successfully.
    C:\Users\Marie\AppData\Roaming\CamLayout.ini => Moved successfully.
    C:\Users\Marie\AppData\Roaming\CamShapes.ini => Moved successfully.
    C:\Users\Marie\AppData\Roaming\CamStudio.cfg => Moved successfully.
    C:\Users\Marie\AppData\Roaming\pcouffin.cat => Moved successfully.
    C:\Users\Marie\AppData\Roaming\pcouffin.inf => Moved successfully.
    C:\Users\Marie\AppData\Roaming\pcouffin.log => Moved successfully.
    C:\Users\Marie\AppData\Roaming\pcouffin.sys => Moved successfully.
    C:\Users\Marie\AppData\Roaming\UserTile.png => Moved successfully.
    C:\Users\Marie\AppData\Roaming\version2.xml => Moved successfully.
    C:\Users\Marie\AppData\Roaming\WB.CFG => Moved successfully.
    C:\Users\Marie\AppData\Roaming\wklnhst.dat => Moved successfully.
    C:\Users\Marie\AppData\Local\d3d9caps64.dat => Moved successfully.
    C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\Marie\AppData\Local\dd_depcheck_NETFX_EXP_35.txt => Moved successfully.
    C:\Users\Marie\AppData\Local\dd_dotnetfx35error.txt => Moved successfully.
    C:\Users\Marie\AppData\Local\dd_dotnetfx35install.txt => Moved successfully.
    C:\Users\Marie\AppData\Local\dd_NET_Framework35_x64_MSI0834.txt => Moved successfully.
    C:\Users\Marie\AppData\Local\dd_vcredistMSI3EDC.txt => Moved successfully.
    C:\Users\Marie\AppData\Local\dd_vcredistUI3EDC.txt => Moved successfully.
    C:\Users\Marie\AppData\Local\uxeventlog.txt => Moved successfully.
    C:\ProgramData\Ament.ini => Moved successfully.
    C:\ProgramData\ezsidmv.dat => Moved successfully.
    C:\Users\Marie\jagex_runescape_preferences.dat => Moved successfully.
    C:\Users\Marie\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Users\Public\WLC_011296735611.dat => Moved successfully.
    C:\Users\Marie\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmperbae7.dll => Moved successfully.
    C:\Users\Marie\AppData\Local\temp\Quarantine.exe => Moved successfully.
    C:\Users\Marie\AppData\Local\temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
    "HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{364769BA-4B96-423E-854A-FB9D3CA79A68}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{364769BA-4B96-423E-854A-FB9D3CA79A68}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2421DD2-2D5E-4164-B668-B758336221DA}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2421DD2-2D5E-4164-B668-B758336221DA}" => Key deleted successfully.
    C:\Windows\System32\Tasks\0 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
    C:\ProgramData\TEMP => ":5D432CE3" ADS removed successfully.

    The system needed a reboot.
    ==== End of Fixlog 09:07:48 ====
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  23. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    Results of screen317's Security Check version 0.99.97
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    McAfee SiteAdvisor
    Secunia PSI (3.0.0.9016)
    JavaFX 2.0.3
    Java 7 Update 75
    Java version 32-bit out of Date!
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader 9
    Adobe Reader XI
    Mozilla Firefox 35.0.1 Firefox out of Date!
    Google Chrome (40.0.2214.111)
    Google Chrome (40.0.2214.115)
    Google Chrome (GoogleUpdate.dll..)
    Google Chrome (plugins...)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1 %
    ````````````````````End of Log``````````````````````
     
  24. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    Farbar Service Scanner Version: 17-01-2015
    Ran by Marie (administrator) on 08-03-2015 at 13:38:28
    Running from "C:\Users\Marie\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Policy:
    ========================

    Security Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed

    **** End of log ****
     
  25. Marie Olgin

    Marie Olgin TS Enthusiast Topic Starter Posts: 135

    Sophos: 0 Threats Found
     
