Inactive-A Can't remove ADWcleaner findings

changed · Apr 4, 2015

Hi. Adwcleaner found some stuff won't go away. I've also run the following programs/scans to try to clean up and find anything else: CCleaner, Malwarebytes, SuperAntiSpyware, TDSSkiller, Roguekiller, JRT, Hitman Pro, and Emsisoft Anti-malware. Any help would be greatly appreciated. Thanks

Adwcleaner Log:
# AdwCleaner v4.200 - Logfile created 04/04/2015 at 03:35:30
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Machine - MACHINE-PC
# Running from : C:\Users\Machine\Desktop\adwcleaner_4.200.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v41.0.2272.118

[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?client=&qt={searchTerms}&search=%EF%80%A1&charset=utf-8

*************************

AdwCleaner[R0].txt - [913 bytes] - [04/02/2015 07:07:22]
AdwCleaner[R10].txt - [2293 bytes] - [04/04/2015 02:16:33]
AdwCleaner[R11].txt - [2353 bytes] - [04/04/2015 02:27:57]
AdwCleaner[R12].txt - [2413 bytes] - [04/04/2015 02:32:46]
AdwCleaner[R13].txt - [2473 bytes] - [04/04/2015 02:39:02]
AdwCleaner[R14].txt - [1882 bytes] - [04/04/2015 02:49:40]
AdwCleaner[R15].txt - [1942 bytes] - [04/04/2015 03:30:57]
AdwCleaner[R16].txt - [1690 bytes] - [04/04/2015 03:35:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R16].txt - [2573 bytes] ##########

FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Machine (administrator) on MACHINE-PC on 04-04-2015 05:14:20
Running from C:\Users\Machine\Desktop
Loaded Profiles: Machine (Available profiles: Machine & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Realtek) C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtWLan.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-04] (SUPERAntiSpyware)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{497e964d-907c-11e3-88ee-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-12-27] (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-04]
CHR Extension: (Awesome Screenshot App) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkccfnochoebimhhniekgcegeeiepmi [2015-04-04]
CHR Extension: (File Converter) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2015-04-04]
CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-04]
CHR Extension: (Google Docs) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-04]
CHR Extension: (Google Drive) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-04]
CHR Extension: (WOT) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-04]
CHR Extension: (Stop Extensions from Injecting ads) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjdaconoeojhhkdjndlelgklkmalleon [2015-04-04]
CHR Extension: (YouTube) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-04]
CHR Extension: (Adblock Plus) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-04]
CHR Extension: (TrafficLight) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-04-04]
CHR Extension: (Google Search) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-04]
CHR Extension: (Dark Vibe) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2015-04-04]
CHR Extension: (VTchromizer) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2015-04-04]
CHR Extension: (Google Calendar) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-04-04]
CHR Extension: (Box) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-04]
CHR Extension: (Google Sheets) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-04]
CHR Extension: (Hacker Vision) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2015-04-04]
CHR Extension: (HP Smart Print) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2015-04-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-04]
CHR Extension: (Dropbox) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Black and Red Theme for YouTube™) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgblendkekanjhdamohllnfpcdbgmbj [2015-04-04]
CHR Extension: (Google Maps) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-04-04]
CHR Extension: (Ghostery) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-04]
CHR Extension: (Hangouts) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-04-04]
CHR Extension: (OneDrive) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-04]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-04-04]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-04-04]
CHR Extension: (Gmail) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-19] (SUPERAntiSpyware.com)
S3 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-04-04] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-02-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-02-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27360 2013-07-29] (Samsung Electronics Co., Ltd.)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Machine\AppData\Local\Temp\7zS0465\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2014-02-13] (Windows (R) Codename Longhorn DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001_6f7\BHDrvx64.sys [1622744 2015-03-21] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [25088 2013-11-29] (Creative Technology Ltd)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-04-04] (Emsisoft GmbH)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [41304 2014-04-10] ()
S4 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150401.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150403.002\ENG64.SYS [129752 2015-03-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150403.002\EX64.SYS [2137304 2015-03-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [240864 2013-07-29] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2013-07-29] (Samsung Electronics Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-02-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-02-07] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-02-07] (Acronis International GmbH)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
S3 WnsDrvr; C:\Windows\SysWow64\Drivers\WnsDrvr.sys [25952 2014-04-03] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S4 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S4 catchme; \??\C:\your_name\catchme.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]
U2 TMAgent; No ImagePath
S3 vzandnetadb; System32\Drivers\lgvzandnetadb.sys [X]
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]
S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 05:14 - 2015-04-04 05:14 - 00024849 _____ () C:\Users\Machine\Desktop\FRST.txt
2015-04-04 05:14 - 2015-04-04 05:14 - 00000000 ____D () C:\FRST
2015-04-04 05:12 - 2015-04-04 05:12 - 02095616 _____ (Farbar) C:\Users\Machine\Desktop\FRST64.exe
2015-04-04 04:53 - 2015-04-04 04:53 - 00000530 _____ () C:\Windows\PFRO.log
2015-04-04 04:53 - 2015-04-04 04:53 - 00000056 _____ () C:\Windows\setupact.log
2015-04-04 04:53 - 2015-04-04 04:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 04:12 - 2015-04-04 04:13 - 502835218 _____ () C:\Users\Machine\Desktop\ALL reg.reg
2015-04-04 04:10 - 2015-04-04 04:10 - 00001000 _____ () C:\Users\Machine\Desktop\tvncontrol.reg
2015-04-04 04:05 - 2015-04-04 04:05 - 00008510 _____ () C:\Users\Machine\Documents\cc_20150404_040503.reg
2015-04-04 04:05 - 2015-04-04 04:05 - 00002084 _____ () C:\Users\Machine\Documents\cc_20150404_040540.reg
2015-04-04 04:04 - 2015-04-04 05:13 - 00002072 _____ () C:\Users\Machine\Desktop\Adw16.txt
2015-04-04 04:00 - 2015-01-22 08:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Machine\Desktop\TDSSKiller.exe
2015-04-04 03:17 - 2015-04-04 03:17 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-04 03:03 - 2015-04-04 03:08 - 00000554 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f.job
2015-04-04 03:03 - 2015-04-04 03:08 - 00000554 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd.job
2015-04-04 03:03 - 2015-04-04 03:05 - 00003566 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f
2015-04-04 03:03 - 2015-04-04 03:04 - 00003642 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd
2015-04-04 02:55 - 2015-04-04 02:54 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-04-04 02:48 - 2015-04-04 02:48 - 00000692 _____ () C:\Users\Machine\Desktop\JRT.txt
2015-04-04 02:42 - 2015-04-04 02:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MACHINE-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 02:32 - 2015-04-04 02:32 - 02690981 _____ (Thisisu) C:\Users\Machine\Desktop\JRT.exe
2015-04-04 01:56 - 2015-04-04 01:56 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-04 01:56 - 2015-04-04 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-04 01:55 - 2015-04-04 01:51 - 00880208 _____ (Google Inc.) C:\Users\Machine\Desktop\ChromeSetup (2).exe
2015-04-04 01:34 - 2015-04-04 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
2015-04-04 01:34 - 2015-04-04 01:34 - 00000000 ____D () C:\Program Files\File Shredder
2015-04-04 01:23 - 2015-04-04 01:24 - 00001830 _____ () C:\blitzblank.log
2015-04-04 01:17 - 2015-04-04 01:17 - 01153912 _____ (Emsi Software GmbH) C:\Users\Machine\Desktop\BlitzBlank.exe
2015-04-04 00:31 - 2015-04-04 00:31 - 00011368 _____ () C:\Users\Machine\Documents\cc_20150404_003139.reg
2015-04-04 00:24 - 2015-04-04 00:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-04 00:24 - 2015-04-04 00:24 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-04 00:24 - 2015-04-04 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-04 00:14 - 2015-04-04 00:14 - 02208768 _____ () C:\Users\Machine\Desktop\adwcleaner_4.200.exe
2015-03-28 05:50 - 2015-03-28 05:50 - 00005270 _____ () C:\Users\Machine\Desktop\Rkill.txt
2015-03-28 05:07 - 2015-03-28 05:07 - 00050132 _____ () C:\Users\Machine\Desktop\1st gmer scan.log
2015-03-28 04:30 - 2015-03-28 04:30 - 00006220 _____ () C:\Users\Machine\Desktop\HitmanPro_20150328_0430.log
2015-03-27 21:41 - 2015-03-28 05:42 - 00000000 ____D () C:\Users\Machine\Desktop\mbar
2015-03-12 04:03 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 04:03 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 04:03 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 04:03 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 04:03 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 04:03 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 04:03 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 04:03 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 04:03 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 04:03 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 04:03 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 04:03 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 04:03 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 04:03 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 04:03 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 04:03 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 04:03 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 04:03 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 04:03 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 04:03 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 04:03 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 04:03 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 04:03 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 04:03 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 04:03 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 04:03 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 04:03 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 04:03 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-12 04:03 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 04:03 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 04:03 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 04:03 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 04:03 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 04:03 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-12 04:03 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-12 04:03 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-12 04:03 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 04:03 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 04:03 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 04:03 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 04:03 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 04:03 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 04:03 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 04:03 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 04:03 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 04:03 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 04:03 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 04:03 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-12 04:03 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 04:03 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 04:03 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 04:03 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 04:03 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 04:02 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 04:02 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 04:02 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 04:02 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 04:02 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 04:02 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 04:02 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-06 02:03 - 2015-03-06 02:03 - 00000000 ____D () C:\Users\Machine\AppData\Local\AbleWord
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\AbleWord
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbleWord V2
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\Program Files (x86)\AbleWord

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 05:08 - 2014-03-17 15:57 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-04 05:01 - 2014-03-19 18:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 05:01 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 05:01 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 04:58 - 2009-07-14 00:13 - 00006186 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 04:57 - 2014-03-06 11:40 - 01079294 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 04:56 - 2014-08-11 15:54 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-04 04:54 - 2014-09-13 11:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 04:54 - 2014-04-13 15:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 04:54 - 2014-02-13 09:24 - 00000031 _____ () C:\Windows\system32\bbcap.err
2015-04-04 04:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 04:17 - 2014-02-21 23:08 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-04 04:15 - 2014-10-23 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-04 04:08 - 2014-02-13 09:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-04 03:36 - 2015-02-04 07:07 - 00000000 ____D () C:\AdwCleaner
2015-04-04 03:06 - 2014-03-03 14:27 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-04 03:03 - 2014-04-05 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-04 02:27 - 2015-02-17 12:28 - 00010870 _____ () C:\Users\Machine\Desktop\Staples info.txt
2015-04-04 01:56 - 2014-02-13 09:07 - 00000000 ____D () C:\Users\Machine\AppData\Local\Google
2015-04-04 00:29 - 2014-09-16 10:47 - 00009326 _____ () C:\Users\Machine\Desktop\New Text Document (3).txt
2015-04-04 00:21 - 2014-08-11 15:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-04 00:21 - 2014-02-07 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-04 00:03 - 2014-03-04 23:24 - 00000941 _____ () C:\Users\Machine\Desktop\New Text Document.txt
2015-04-04 00:00 - 2015-02-27 13:34 - 20436568 _____ () C:\Users\Machine\Desktop\RogueKillerX64.exe
2015-04-03 23:26 - 2014-03-05 14:49 - 00048876 _____ () C:\Users\Machine\dsp_stereo_tool.ini
2015-04-03 23:26 - 2014-02-07 16:42 - 00000000 ____D () C:\Users\Machine
2015-04-03 18:01 - 2014-04-13 15:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-02 10:07 - 2015-02-15 00:25 - 00000000 ____D () C:\Users\Machine\AppData\Local\IPVanish
2015-03-30 21:23 - 2015-02-15 00:24 - 00000000 ____D () C:\Program Files (x86)\IPVanish
2015-03-30 12:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-29 04:43 - 2014-12-04 23:49 - 00000000 ____D () C:\Users\Machine\Desktop\Staples orders
2015-03-28 21:47 - 2014-02-13 09:05 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\vlc
2015-03-28 07:32 - 2014-02-13 06:30 - 00000000 ____D () C:\Users\Machine\AppData\Local\Adobe
2015-03-28 07:31 - 2014-03-19 18:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-28 07:31 - 2014-02-13 06:30 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-28 07:31 - 2014-02-13 06:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-28 05:42 - 2014-12-03 19:18 - 00000000 ____D () C:\Users\Administrator
2015-03-28 05:42 - 2014-08-11 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-28 05:42 - 2014-04-15 08:21 - 00000000 ____D () C:\ProgramData\VSO
2015-03-28 05:42 - 2014-04-13 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 05:42 - 2014-03-06 10:39 - 00000000 ____D () C:\ProgramData\Norton
2015-03-28 05:42 - 2014-02-19 23:34 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-28 05:42 - 2014-02-08 01:01 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\Winamp
2015-03-28 05:42 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-28 04:44 - 2014-03-04 22:20 - 00000000 ____D () C:\SUPERDelete
2015-03-27 23:34 - 2014-12-03 19:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-03-27 21:47 - 2014-02-17 21:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-24 20:32 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-24 17:06 - 2014-04-15 08:21 - 00000000 ____D () C:\Users\Machine\Documents\VSO Downloader
2015-03-12 04:47 - 2009-07-13 23:45 - 00279312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 04:05 - 2014-02-07 19:26 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 04:05 - 2014-02-07 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 15:50 - 2009-07-14 00:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-10 08:44 - 2014-12-08 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-03-05 07:49 - 2014-03-05 07:49 - 0000138 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFXVwer.log
2014-12-13 19:51 - 2014-12-13 19:51 - 0099384 _____ () C:\Users\Machine\AppData\Roaming\inst.exe
2014-12-13 19:51 - 2014-12-13 19:51 - 0007859 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.cat
2014-12-13 19:51 - 2014-12-13 19:51 - 0001167 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.inf
2014-12-13 19:51 - 2014-12-13 19:51 - 0000055 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.log
2014-12-13 19:51 - 2014-12-13 19:51 - 0082816 _____ (VSO Software) C:\Users\Machine\AppData\Roaming\pcouffin.sys
2015-02-16 03:39 - 2015-02-16 03:39 - 0003584 _____ () C:\Users\Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-13 03:24 - 2014-02-13 04:25 - 0007600 _____ () C:\Users\Machine\AppData\Local\Resmon.ResmonCfg
2014-02-13 09:02 - 2014-02-13 09:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Machine\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 00:05

==================== End Of Log ============================

changed · Apr 4, 2015

FRST Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Machine at 2015-04-04 05:14:43
Running from C:\Users\Machine\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v2.1 (HKLM-x32\...\AbleWord_is1) (Version: - )
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Acronis True Image 2014 Media Add-on (HKLM-x32\...\{209C0F83-534D-4AEF-BBC3-0C1B0A52C5FD}) (Version: 17.0.6614 - Acronis)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anime Studio Debut 9.5 (HKLM-x32\...\ASD95_is1) (Version: 9.5 - Smith Micro Software, Inc.)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.185 - AVG Technologies) Hidden
BB FlashBack Express (HKLM-x32\...\BB FlashBack Express) (Version: 4.1.7.2810 - Blueberry)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comodo TrustConnect™ v.1.7.3 (HKLM-x32\...\Comodo TrustConnect™_is1) (Version: - COMODO)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
FLV to AVI (HKLM-x32\...\{64678DB1-3475-4674-80AD-4C07C4295A9B}_is1) (Version: - www.flvtoavi.com)
GeekBuddy (HKLM\...\{C36B3AE4-FCFE-4A0A-AA3D-71E1A51C1F16}) (Version: 4.11.91 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.16432 - HP)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
IPVanish (x32 Version: 2.0.5507.29332 - IPVanish.com) Hidden
IPVanish VPN (HKLM-x32\...\{072f0988-e40d-45d9-b85b-9c68bb7c31fe}) (Version: 2.0.5507.29332 - IPVanish.com)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version: - )
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1029.0 - Passmark Software)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
RAPID Mode (Version: 1.0.1.42 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rosewill Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0132 - Rosewill Corp.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{344F2565-8724-473A-9A4E-62A780AAE396}) (Version: 1.01.19 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.9 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VSO Downloader 3.2.0.6 (HKLM-x32\...\{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1) (Version: 3.2.0.6 - VSO Software)
VSO Downloader 4.2.5.1 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.2.5.1 - VSO Software)
VSO EVE Network Driver version 1.0.0.27 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.27 - VSO Software)
VSO Video Converter 1 (HKLM-x32\...\{{5289246A-D537-4823-88C2-38C17840E45A}_is1) (Version: 1.5.0.10 - VSO Software)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

05-01-2015 04:18:14 Removed COMODO Unite
06-01-2015 17:24:13 Removed HP Photosmart 5520 series Basic Device Software
15-02-2015 00:24:28 IPVanish VPN
15-02-2015 00:25:36 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
20-02-2015 15:45:19 Installed Turbo Lister 2.
03-03-2015 16:25:48 Windows Update
10-03-2015 23:16:34 Installed AVG PC TuneUp 2015
10-03-2015 23:16:54 Removed AVG PC TuneUp 2015 (en-US)
12-03-2015 04:04:06 Windows Update
12-03-2015 04:53:18 Windows Update
28-03-2015 04:23:25 Checkpoint by HitmanPro
04-04-2015 03:30:27 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-03 23:06 - 00000768 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1086AF2A-BF06-4EDF-9EE6-A3A15C10D9EC} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {21C75F60-F08C-44EB-924D-30FD421374AB} - System32\Tasks\HP AR Program Upload - bc1b43b28d334ed79db40d42b1d05118111c122b5bb84b5b8a10d4c1de3f4bde => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {2B3892F0-7601-4131-803F-7EB64EBE8DEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {2B66FBA7-22C9-4C93-AFF7-8CBFEBA63BF4} - \SUPERAntiSpyware Scheduled Task a4af3e02-f44f-4e93-b3d7-fd3bf6b5348b No Task File <==== ATTENTION
Task: {39973B04-8F9E-4142-9948-8FE69850DAF0} - System32\Tasks\Open Hardware Monitor\Startup => G:\Internet Downloads\openhardwaremonitor-v0.6.0\OpenHardwareMonitor\OpenHardwareMonitor.exe
Task: {4A84E785-8211-445D-B41D-F47855F6A057} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2015-02-04] ()
Task: {6D0C2C5C-2158-4DE2-B6DD-57A005A0972A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {705C0D2D-7025-47FD-BB8B-1C9FEE936A16} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {9797B4A5-B035-48B2-BCFB-CE3994AD3E1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {98809626-3DE6-4DE4-A5D4-86E6B65B8669} - System32\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9FE91184-58CC-4213-8D71-3CEFEC6D4D4F} - \HPCustParticipation HP Photosmart 5520 series No Task File <==== ATTENTION
Task: {BFD29F87-7B44-4D9F-AE17-2B8ED6601ED3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-28] (Adobe Systems Incorporated)
Task: {E50C16F4-27A3-4C0F-8D57-37272C6DD2DD} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EA22E678-4B4D-4C41-B97B-BCF7FD75B86B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {F9038531-9773-4234-BDA5-A6FB796C8A0C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd.job => C:\Program Files\SUPERAntiSpyware\SASTask.exexC:\Program Files\SUPERAntiSpyware\b7fb2fd1-4df5-4173-bfa4-b4c1204dfe26.com
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exexC:\Program Files\SUPERAntiSpyware\b7fb2fd1-4df5-4173-bfa4-b4c1204dfe26.com

==================== Loaded Modules (whitelisted) ==============

2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2013-10-01 11:26 - 2013-10-01 11:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2015-04-04 01:34 - 2012-04-01 00:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2015-01-06 08:18 - 2015-01-06 08:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-07 17:03 - 2009-08-28 18:38 - 00131072 _____ () C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\EnumDevLib.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-10-01 12:00 - 2013-10-01 12:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Machine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: *CA => "C:\Program Files\COMODO\GeekBuddy\launcher.exe" "unit_manager.exe" "lps-ca"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CTRegRun => C:\Windows\CTRegRun.EXE
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sound Blaster Recon3D PCIe Control Panel => "C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" /r
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

==================== Accounts: =============================

Administrator (S-1-5-21-1276146581-1508146875-3188578267-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1276146581-1508146875-3188578267-501 - Limited - Disabled)
Machine (S-1-5-21-1276146581-1508146875-3188578267-1000 - Administrator - Enabled) => C:\Users\Machine

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 04:58:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/04/2015 04:58:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/04/2015 04:56:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/04/2015 04:56:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/04/2015 04:54:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 03:13:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/04/2015 03:13:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/04/2015 03:08:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/04/2015 04:56:30 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (04/04/2015 04:56:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (04/04/2015 04:54:55 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on cannot be read.

Error: (04/04/2015 04:53:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hardlock service failed to start due to the following error:
%%2

Error: (04/04/2015 04:53:29 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/04/2015 03:10:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (04/04/2015 03:09:47 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (04/04/2015 03:08:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hardlock service failed to start due to the following error:
%%2

Error: (04/04/2015 03:07:53 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/04/2015 02:49:35 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Microsoft Office Sessions:
=========================
Error: (04/04/2015 04:58:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/04/2015 04:58:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (04/04/2015 04:56:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/04/2015 04:56:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (04/04/2015 04:54:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 03:13:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/04/2015 03:13:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (04/04/2015 03:08:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: AMD FX(tm)-8350 Eight-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 16348.63 MB
Available physical RAM: 12629.94 MB
Total Pagefile: 16346.81 MB
Available Pagefile: 13143.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (840 EVO) (Fixed) (Total:111.69 GB) (Free:38.29 GB) NTFS
Drive e: (Vertex 450) (Fixed) (Total:119.24 GB) (Free:101.76 GB) NTFS
Drive g: (M 1) (Fixed) (Total:465.76 GB) (Free:138.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 37CFF78F)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: D64E5857)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 2D0EB3FD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Broni · Apr 4, 2015

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

changed · Apr 5, 2015

OK. Thank you for your reply. I will run the scans you recommended and post the logs tomorrow when I have some free time.

Broni · Apr 5, 2015

changed · Apr 5, 2015

RogueKiller V10.5.8.0 (x64) [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Machine [Administrator]
Started from : C:\Users\Machine\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 04/05/2015 15:37:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{091634B7-1DB5-4B04-B869-CD9B08D4B388} | DhcpNameServer : 198.18.0.1 198.18.0.2 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{091634B7-1DB5-4B04-B869-CD9B08D4B388} | DhcpNameServer : 198.18.0.1 198.18.0.2 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{091634B7-1DB5-4B04-B869-CD9B08D4B388} | DhcpNameServer : 198.18.0.1 198.18.0.2 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: OCZ-VERTEX450 ATA Device +++++
--- User ---
[MBR] 36ec26bed67e782e6897316c5770d1bf
[BSP] 2e58157ac89ddfe257479115d7721ac5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 122102 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 840 EVO 120GB ATA Device +++++
--- User ---
[MBR] f150d8dc328fd6dfde186c5590171f10
[BSP] fa3fde69ae1230642d2ef9045529dfc3 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Unknown Bootstrap | Unknown Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210944 | Size: 114370 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Innostor Ext. HDD USB Device +++++
--- User ---
[MBR] 209db8755b9c282a81705d0344e845ac
[BSP] 8af94ea496f6ec2fb24fb19b78052907 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_03282015_052857.log - RKreport_DEL_08112014_155909.log

____________________________________________________________
____________________________________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/5/2015
Scan Time: 3:38:24 PM
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.05.03
Rootkit Database: v2015.03.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Machine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388848
Time Elapsed: 4 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

_______________________________________________________________
_______________________________________________________________

# AdwCleaner v4.200 - Logfile created 05/04/2015 at 15:45:45
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Machine - MACHINE-PC
# Running from : C:\Users\Machine\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v41.0.2272.118

[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?client=&qt={searchTerms}&search=%EF%80%A1&charset=utf-8

*************************

AdwCleaner[S1].txt - [2281 bytes] - [15/02/2015 04:52:19]
AdwCleaner[S2].txt - [5681 bytes] - [27/03/2015 21:33:34]
AdwCleaner[S3].txt - [4407 bytes] - [28/03/2015 04:43:08]
AdwCleaner[S4].txt - [5261 bytes] - [28/03/2015 05:34:45]
AdwCleaner[S5].txt - [2705 bytes] - [05/04/2015 15:45:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2764 bytes] ##########

changed · Apr 5, 2015

I just realized that I didn't shut down my Norton completely for JRT. I just disabled it. I hope that doesn't matter.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Machine on Sun 04/05/2015 at 15:49:41.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/05/2015 at 15:56:01.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Apr 6, 2015

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

changed · Apr 7, 2015

ComboFix 15-04-01.01 - Machine 04/07/2015 9:25.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16349.14099 [GMT -5:00]
Running from: c:\users\Machine\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Machine\AppData\Roaming\inst.exe
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2015-03-07 to 2015-04-07 )))))))))))))))))))))))))))))))
.
.
2015-04-07 14:34 . 2015-04-07 14:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-07 14:34 . 2015-04-07 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-07 14:34 . 2015-04-07 14:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-04-06 08:55 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-04-06 01:54 . 2015-04-06 01:54 -------- d-----w- c:\programdata\{365C1C9F-0E26-4EC6-ACFD-F9BF88B767BF}
2015-04-06 01:54 . 2015-04-06 01:54 -------- d-----w- c:\program files (x86)\Stamps.com Web Postage Plug-in
2015-04-04 10:14 . 2015-04-04 10:15 -------- d-----w- C:\FRST
2015-04-04 08:17 . 2015-04-04 08:17 -------- d-----w- c:\programdata\Emsisoft
2015-04-04 07:55 . 2015-04-04 07:54 135800 ----a-w- c:\windows\system32\drivers\epp64.sys
2015-04-04 06:34 . 2015-04-04 06:34 -------- d-----w- c:\program files\File Shredder
2015-04-04 05:24 . 2015-04-04 05:25 -------- d-----w- c:\program files\CCleaner
2015-03-12 09:02 . 2015-01-17 02:48 1067520 ----a-w- c:\windows\system32\msctf.dll
2015-03-12 09:02 . 2015-01-17 02:30 828928 ----a-w- c:\windows\SysWow64\msctf.dll
2015-03-12 09:02 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-12 09:02 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-12 09:02 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-12 09:02 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-03-12 09:02 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-07 14:35 . 2014-04-13 20:52 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-05 20:32 . 2014-08-11 20:54 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-28 12:31 . 2014-02-13 11:30 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-28 12:31 . 2014-02-13 11:30 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-12 09:05 . 2014-02-08 00:26 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-01-20 20:41 . 2015-01-20 20:41 49152 ----a-w- c:\windows\SysWow64\inetwh32.dll
2015-01-20 20:41 . 2015-01-20 20:41 1044480 ----a-w- c:\windows\SysWow64\roboex32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-04-04 7806232]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-12-10 2561848]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-21 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{497e964d-907c-11e3-88ee-806e6f6e6963}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"googletalk"=c:\program files (x86)\Google\Google Talk\googletalk.exe /autostart
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdatp.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\Drivers\lgvzandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgvzandnetadb.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WnsDrvr;WnsDrvr; [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R4 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001_6f7\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001_6f7\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
S1 epp64;epp64;c:\windows\system32\DRIVERS\epp64.sys;c:\windows\SYSNATIVE\DRIVERS\epp64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150406.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150406.001\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
S3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 CTHDB;Sound Blaster Audio Controller Driver;c:\windows\system32\DRIVERS\CtHDb.sys;c:\windows\SYSNATIVE\DRIVERS\CtHDb.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-04 06:56 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-13 12:31]
.
2015-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 16:51]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 16:51]
.
2015-04-06 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2015-02-05 00:06]
.
2015-04-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-04-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-10-01 16:26 2810968 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-10-01 16:26 2810968 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-10-01 16:26 2810968 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-10-01 16:26 2810968 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-10-01 16:26 2810968 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-10-01 16:26 2810968 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} -
Trusted Zone: hola.org
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact\1701335922\ll\v1.0\Modules\*PUBLIC=c:\users\Public*SESSIONNAME=Console*SystemDrive=C:*SystemRoot=c:\windows*temp=c:\Users\Machine\AppData\Local\Temp*TMP=c:\users\Machine\AppData\Local\Temp*USERDOMAIN=Machine-PC*USERNAME=Machine*USERPROFILE=c:\users\Machine*windir=C:]
"JoinUserExperience"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Rosewill 11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2015-04-07 09:50:36 - machine was rebooted
ComboFix-quarantined-files.txt 2015-04-07 14:50
.
Pre-Run: 39,361,118,208 bytes free
Post-Run: 39,066,177,536 bytes free
.
- - End Of File - - BB8FB93CA69E90DCCFC5C43AB00ABC9B
A36C5E4F47E84449FF07ED3517B43A31

Broni · Apr 7, 2015

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Broni · Apr 12, 2015

Still with me?

changed · Apr 15, 2015

Yes I'm still here. Sorry. I got stuck in the hospital for a short stay after being really sick for awhile.

When I download Farbar Recovery Scan Tool (FRST/FRST64) Norton deletes it and says it's not safe. I'm assuming that's normal and I should disable Norton? And what about other security software?

Broni · Apr 15, 2015

Yes, disable Norton.

I hope you're well by now

Broni · Apr 20, 2015

Still with me?

Broni · Apr 25, 2015

This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.

Inactive-A Can't remove ADWcleaner findings

changed

Posts: 27 +0

changed

Posts: 27 +0

Broni

Posts: 56,041 +516

changed

Posts: 27 +0

Broni

Posts: 56,041 +516

changed

Posts: 27 +0

changed

Posts: 27 +0

Broni

Posts: 56,041 +516

changed

Posts: 27 +0

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

changed

Posts: 27 +0

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

Similar threads

Latest posts