Hi. AdwCleaner found some stuff that won't go away. I've also run the following programs/scans to try to clean up and find anything else: CCleaner, Malwarebytes, SuperAntiSpyware, TDSSKiller, RogueKiller, JRT, HitmanPro, and Emsisoft Anti-Malware. Any help would be greatly appreciated. Thanks.
AdwCleaner Log:
# AdwCleaner v4.200 - Logfile created 04/04/2015 at 03:35:30
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Machine - MACHINE-PC
# Running from : C:\Users\Machine\Desktop\adwcleaner_4.200.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Google Chrome v41.0.2272.118
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?client=&qt={searchTerms}&search=%EF%80%A1&charset=utf-8
*************************
AdwCleaner[R0].txt - [913 bytes] - [04/02/2015 07:07:22]
AdwCleaner[R10].txt - [2293 bytes] - [04/04/2015 02:16:33]
AdwCleaner[R11].txt - [2353 bytes] - [04/04/2015 02:27:57]
AdwCleaner[R12].txt - [2413 bytes] - [04/04/2015 02:32:46]
AdwCleaner[R13].txt - [2473 bytes] - [04/04/2015 02:39:02]
AdwCleaner[R14].txt - [1882 bytes] - [04/04/2015 02:49:40]
AdwCleaner[R15].txt - [1942 bytes] - [04/04/2015 03:30:57]
AdwCleaner[R16].txt - [1690 bytes] - [04/04/2015 03:35:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R16].txt - [2573 bytes] ##########
FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Machine (administrator) on MACHINE-PC on 04-04-2015 05:14:20
Running from C:\Users\Machine\Desktop
Loaded Profiles: Machine (Available profiles: Machine & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Realtek) C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtWLan.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-04] (SUPERAntiSpyware)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{497e964d-907c-11e3-88ee-806e6f6e6963}\bootwiz\asrm.bin
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-12-27] (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-04]
CHR Extension: (Awesome Screenshot App) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkccfnochoebimhhniekgcegeeiepmi [2015-04-04]
CHR Extension: (File Converter) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2015-04-04]
CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-04]
CHR Extension: (Google Docs) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-04]
CHR Extension: (Google Drive) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-04]
CHR Extension: (WOT) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-04]
CHR Extension: (Stop Extensions from Injecting ads) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjdaconoeojhhkdjndlelgklkmalleon [2015-04-04]
CHR Extension: (YouTube) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-04]
CHR Extension: (Adblock Plus) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-04]
CHR Extension: (TrafficLight) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-04-04]
CHR Extension: (Google Search) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-04]
CHR Extension: (Dark Vibe) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2015-04-04]
CHR Extension: (VTchromizer) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2015-04-04]
CHR Extension: (Google Calendar) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-04-04]
CHR Extension: (Box) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-04]
CHR Extension: (Google Sheets) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-04]
CHR Extension: (Hacker Vision) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2015-04-04]
CHR Extension: (HP Smart Print) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2015-04-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-04]
CHR Extension: (Dropbox) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Black and Red Theme for YouTube™) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgblendkekanjhdamohllnfpcdbgmbj [2015-04-04]
CHR Extension: (Google Maps) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-04-04]
CHR Extension: (Ghostery) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-04]
CHR Extension: (Hangouts) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-04-04]
CHR Extension: (OneDrive) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-04]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-04-04]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-04-04]
CHR Extension: (Gmail) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-19] (SUPERAntiSpyware.com)
S3 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-04-04] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-02-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-02-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27360 2013-07-29] (Samsung Electronics Co., Ltd.)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Machine\AppData\Local\Temp\7zS0465\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2014-02-13] (Windows (R) Codename Longhorn DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001_6f7\BHDrvx64.sys [1622744 2015-03-21] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [25088 2013-11-29] (Creative Technology Ltd)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-04-04] (Emsisoft GmbH)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [41304 2014-04-10] ()
S4 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150401.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150403.002\ENG64.SYS [129752 2015-03-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150403.002\EX64.SYS [2137304 2015-03-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [240864 2013-07-29] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2013-07-29] (Samsung Electronics Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-02-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-02-07] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-02-07] (Acronis International GmbH)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
S3 WnsDrvr; C:\Windows\SysWow64\Drivers\WnsDrvr.sys [25952 2014-04-03] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S4 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S4 catchme; \??\C:\your_name\catchme.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]
U2 TMAgent; No ImagePath
S3 vzandnetadb; System32\Drivers\lgvzandnetadb.sys [X]
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]
S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-04 05:14 - 2015-04-04 05:14 - 00024849 _____ () C:\Users\Machine\Desktop\FRST.txt
2015-04-04 05:14 - 2015-04-04 05:14 - 00000000 ____D () C:\FRST
2015-04-04 05:12 - 2015-04-04 05:12 - 02095616 _____ (Farbar) C:\Users\Machine\Desktop\FRST64.exe
2015-04-04 04:53 - 2015-04-04 04:53 - 00000530 _____ () C:\Windows\PFRO.log
2015-04-04 04:53 - 2015-04-04 04:53 - 00000056 _____ () C:\Windows\setupact.log
2015-04-04 04:53 - 2015-04-04 04:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 04:12 - 2015-04-04 04:13 - 502835218 _____ () C:\Users\Machine\Desktop\ALL reg.reg
2015-04-04 04:10 - 2015-04-04 04:10 - 00001000 _____ () C:\Users\Machine\Desktop\tvncontrol.reg
2015-04-04 04:05 - 2015-04-04 04:05 - 00008510 _____ () C:\Users\Machine\Documents\cc_20150404_040503.reg
2015-04-04 04:05 - 2015-04-04 04:05 - 00002084 _____ () C:\Users\Machine\Documents\cc_20150404_040540.reg
2015-04-04 04:04 - 2015-04-04 05:13 - 00002072 _____ () C:\Users\Machine\Desktop\Adw16.txt
2015-04-04 04:00 - 2015-01-22 08:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Machine\Desktop\TDSSKiller.exe
2015-04-04 03:17 - 2015-04-04 03:17 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-04 03:03 - 2015-04-04 03:08 - 00000554 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f.job
2015-04-04 03:03 - 2015-04-04 03:08 - 00000554 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd.job
2015-04-04 03:03 - 2015-04-04 03:05 - 00003566 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f
2015-04-04 03:03 - 2015-04-04 03:04 - 00003642 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd
2015-04-04 02:55 - 2015-04-04 02:54 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-04-04 02:48 - 2015-04-04 02:48 - 00000692 _____ () C:\Users\Machine\Desktop\JRT.txt
2015-04-04 02:42 - 2015-04-04 02:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MACHINE-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 02:32 - 2015-04-04 02:32 - 02690981 _____ (Thisisu) C:\Users\Machine\Desktop\JRT.exe
2015-04-04 01:56 - 2015-04-04 01:56 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-04 01:56 - 2015-04-04 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-04 01:55 - 2015-04-04 01:51 - 00880208 _____ (Google Inc.) C:\Users\Machine\Desktop\ChromeSetup (2).exe
2015-04-04 01:34 - 2015-04-04 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
2015-04-04 01:34 - 2015-04-04 01:34 - 00000000 ____D () C:\Program Files\File Shredder
2015-04-04 01:23 - 2015-04-04 01:24 - 00001830 _____ () C:\blitzblank.log
2015-04-04 01:17 - 2015-04-04 01:17 - 01153912 _____ (Emsi Software GmbH) C:\Users\Machine\Desktop\BlitzBlank.exe
2015-04-04 00:31 - 2015-04-04 00:31 - 00011368 _____ () C:\Users\Machine\Documents\cc_20150404_003139.reg
2015-04-04 00:24 - 2015-04-04 00:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-04 00:24 - 2015-04-04 00:24 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-04 00:24 - 2015-04-04 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-04 00:14 - 2015-04-04 00:14 - 02208768 _____ () C:\Users\Machine\Desktop\adwcleaner_4.200.exe
2015-03-28 05:50 - 2015-03-28 05:50 - 00005270 _____ () C:\Users\Machine\Desktop\Rkill.txt
2015-03-28 05:07 - 2015-03-28 05:07 - 00050132 _____ () C:\Users\Machine\Desktop\1st gmer scan.log
2015-03-28 04:30 - 2015-03-28 04:30 - 00006220 _____ () C:\Users\Machine\Desktop\HitmanPro_20150328_0430.log
2015-03-27 21:41 - 2015-03-28 05:42 - 00000000 ____D () C:\Users\Machine\Desktop\mbar
2015-03-12 04:03 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 04:03 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 04:03 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 04:03 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 04:03 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 04:03 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 04:03 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 04:03 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 04:03 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 04:03 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 04:03 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 04:03 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 04:03 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 04:03 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 04:03 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 04:03 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 04:03 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 04:03 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 04:03 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 04:03 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 04:03 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 04:03 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 04:03 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 04:03 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 04:03 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 04:03 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 04:03 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 04:03 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-12 04:03 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 04:03 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 04:03 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 04:03 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 04:03 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 04:03 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-12 04:03 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-12 04:03 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-12 04:03 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 04:03 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 04:03 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 04:03 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 04:03 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 04:03 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 04:03 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 04:03 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 04:03 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 04:03 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 04:03 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 04:03 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-12 04:03 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 04:03 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 04:03 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 04:03 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 04:03 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 04:02 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 04:02 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 04:02 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 04:02 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 04:02 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 04:02 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 04:02 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-06 02:03 - 2015-03-06 02:03 - 00000000 ____D () C:\Users\Machine\AppData\Local\AbleWord
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\AbleWord
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbleWord V2
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\Program Files (x86)\AbleWord
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-04 05:08 - 2014-03-17 15:57 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-04 05:01 - 2014-03-19 18:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 05:01 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 05:01 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 04:58 - 2009-07-14 00:13 - 00006186 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 04:57 - 2014-03-06 11:40 - 01079294 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 04:56 - 2014-08-11 15:54 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-04 04:54 - 2014-09-13 11:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 04:54 - 2014-04-13 15:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 04:54 - 2014-02-13 09:24 - 00000031 _____ () C:\Windows\system32\bbcap.err
2015-04-04 04:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 04:17 - 2014-02-21 23:08 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-04 04:15 - 2014-10-23 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-04 04:08 - 2014-02-13 09:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-04 03:36 - 2015-02-04 07:07 - 00000000 ____D () C:\AdwCleaner
2015-04-04 03:06 - 2014-03-03 14:27 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-04 03:03 - 2014-04-05 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-04 02:27 - 2015-02-17 12:28 - 00010870 _____ () C:\Users\Machine\Desktop\Staples info.txt
2015-04-04 01:56 - 2014-02-13 09:07 - 00000000 ____D () C:\Users\Machine\AppData\Local\Google
2015-04-04 00:29 - 2014-09-16 10:47 - 00009326 _____ () C:\Users\Machine\Desktop\New Text Document (3).txt
2015-04-04 00:21 - 2014-08-11 15:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-04 00:21 - 2014-02-07 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-04 00:03 - 2014-03-04 23:24 - 00000941 _____ () C:\Users\Machine\Desktop\New Text Document.txt
2015-04-04 00:00 - 2015-02-27 13:34 - 20436568 _____ () C:\Users\Machine\Desktop\RogueKillerX64.exe
2015-04-03 23:26 - 2014-03-05 14:49 - 00048876 _____ () C:\Users\Machine\dsp_stereo_tool.ini
2015-04-03 23:26 - 2014-02-07 16:42 - 00000000 ____D () C:\Users\Machine
2015-04-03 18:01 - 2014-04-13 15:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-02 10:07 - 2015-02-15 00:25 - 00000000 ____D () C:\Users\Machine\AppData\Local\IPVanish
2015-03-30 21:23 - 2015-02-15 00:24 - 00000000 ____D () C:\Program Files (x86)\IPVanish
2015-03-30 12:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-29 04:43 - 2014-12-04 23:49 - 00000000 ____D () C:\Users\Machine\Desktop\Staples orders
2015-03-28 21:47 - 2014-02-13 09:05 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\vlc
2015-03-28 07:32 - 2014-02-13 06:30 - 00000000 ____D () C:\Users\Machine\AppData\Local\Adobe
2015-03-28 07:31 - 2014-03-19 18:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-28 07:31 - 2014-02-13 06:30 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-28 07:31 - 2014-02-13 06:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-28 05:42 - 2014-12-03 19:18 - 00000000 ____D () C:\Users\Administrator
2015-03-28 05:42 - 2014-08-11 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-28 05:42 - 2014-04-15 08:21 - 00000000 ____D () C:\ProgramData\VSO
2015-03-28 05:42 - 2014-04-13 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 05:42 - 2014-03-06 10:39 - 00000000 ____D () C:\ProgramData\Norton
2015-03-28 05:42 - 2014-02-19 23:34 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-28 05:42 - 2014-02-08 01:01 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\Winamp
2015-03-28 05:42 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-28 04:44 - 2014-03-04 22:20 - 00000000 ____D () C:\SUPERDelete
2015-03-27 23:34 - 2014-12-03 19:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-03-27 21:47 - 2014-02-17 21:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-24 20:32 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-24 17:06 - 2014-04-15 08:21 - 00000000 ____D () C:\Users\Machine\Documents\VSO Downloader
2015-03-12 04:47 - 2009-07-13 23:45 - 00279312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 04:05 - 2014-02-07 19:26 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 04:05 - 2014-02-07 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 15:50 - 2009-07-14 00:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-10 08:44 - 2014-12-08 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Files in the root of some directories =======
2014-03-05 07:49 - 2014-03-05 07:49 - 0000138 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFXVwer.log
2014-12-13 19:51 - 2014-12-13 19:51 - 0099384 _____ () C:\Users\Machine\AppData\Roaming\inst.exe
2014-12-13 19:51 - 2014-12-13 19:51 - 0007859 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.cat
2014-12-13 19:51 - 2014-12-13 19:51 - 0001167 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.inf
2014-12-13 19:51 - 2014-12-13 19:51 - 0000055 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.log
2014-12-13 19:51 - 2014-12-13 19:51 - 0082816 _____ (VSO Software) C:\Users\Machine\AppData\Roaming\pcouffin.sys
2015-02-16 03:39 - 2015-02-16 03:39 - 0003584 _____ () C:\Users\Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-13 03:24 - 2014-02-13 04:25 - 0007600 _____ () C:\Users\Machine\AppData\Local\Resmon.ResmonCfg
2014-02-13 09:02 - 2014-02-13 09:02 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Machine\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-25 00:05
==================== End Of Log ============================
FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Machine (administrator) on MACHINE-PC on 04-04-2015 05:14:20
Running from C:\Users\Machine\Desktop
Loaded Profiles: Machine (Available profiles: Machine & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Realtek) C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtWLan.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-04] (SUPERAntiSpyware)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{497e964d-907c-11e3-88ee-806e6f6e6963}\bootwiz\asrm.bin
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: AutorunsDisabled - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-12-27] (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-04]
CHR Extension: (Awesome Screenshot App) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkccfnochoebimhhniekgcegeeiepmi [2015-04-04]
CHR Extension: (File Converter) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2015-04-04]
CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-04]
CHR Extension: (Google Docs) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-04]
CHR Extension: (Google Drive) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-04]
CHR Extension: (WOT) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-04]
CHR Extension: (Stop Extensions from Injecting ads) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjdaconoeojhhkdjndlelgklkmalleon [2015-04-04]
CHR Extension: (YouTube) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-04]
CHR Extension: (Adblock Plus) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-04]
CHR Extension: (TrafficLight) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-04-04]
CHR Extension: (Google Search) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-04]
CHR Extension: (Dark Vibe) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2015-04-04]
CHR Extension: (VTchromizer) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2015-04-04]
CHR Extension: (Google Calendar) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-04-04]
CHR Extension: (Box) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-04]
CHR Extension: (Google Sheets) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-04]
CHR Extension: (Hacker Vision) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2015-04-04]
CHR Extension: (HP Smart Print) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2015-04-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-04]
CHR Extension: (Dropbox) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Black and Red Theme for YouTube™) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgblendkekanjhdamohllnfpcdbgmbj [2015-04-04]
CHR Extension: (Google Maps) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-04-04]
CHR Extension: (Ghostery) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-04]
CHR Extension: (Hangouts) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-04-04]
CHR Extension: (OneDrive) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-04]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-04-04]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-04-04]
CHR Extension: (Gmail) - C:\Users\Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKU\S-1-5-21-1276146581-1508146875-3188578267-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-19] (SUPERAntiSpyware.com)
S3 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-04-04] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-02-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-02-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27360 2013-07-29] (Samsung Electronics Co., Ltd.)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Machine\AppData\Local\Temp\7zS0465\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2014-02-13] (Windows (R) Codename Longhorn DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001_6f7\BHDrvx64.sys [1622744 2015-03-21] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [25088 2013-11-29] (Creative Technology Ltd)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-04-04] (Emsisoft GmbH)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [41304 2014-04-10] ()
S4 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150401.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150403.002\ENG64.SYS [129752 2015-03-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150403.002\EX64.SYS [2137304 2015-03-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [240864 2013-07-29] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2013-07-29] (Samsung Electronics Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-02-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-02-07] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-02-07] (Acronis International GmbH)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
S3 WnsDrvr; C:\Windows\SysWow64\Drivers\WnsDrvr.sys [25952 2014-04-03] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S4 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S4 catchme; \??\C:\your_name\catchme.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]
U2 TMAgent; No ImagePath
S3 vzandnetadb; System32\Drivers\lgvzandnetadb.sys [X]
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]
S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-04 05:14 - 2015-04-04 05:14 - 00024849 _____ () C:\Users\Machine\Desktop\FRST.txt
2015-04-04 05:14 - 2015-04-04 05:14 - 00000000 ____D () C:\FRST
2015-04-04 05:12 - 2015-04-04 05:12 - 02095616 _____ (Farbar) C:\Users\Machine\Desktop\FRST64.exe
2015-04-04 04:53 - 2015-04-04 04:53 - 00000530 _____ () C:\Windows\PFRO.log
2015-04-04 04:53 - 2015-04-04 04:53 - 00000056 _____ () C:\Windows\setupact.log
2015-04-04 04:53 - 2015-04-04 04:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 04:12 - 2015-04-04 04:13 - 502835218 _____ () C:\Users\Machine\Desktop\ALL reg.reg
2015-04-04 04:10 - 2015-04-04 04:10 - 00001000 _____ () C:\Users\Machine\Desktop\tvncontrol.reg
2015-04-04 04:05 - 2015-04-04 04:05 - 00008510 _____ () C:\Users\Machine\Documents\cc_20150404_040503.reg
2015-04-04 04:05 - 2015-04-04 04:05 - 00002084 _____ () C:\Users\Machine\Documents\cc_20150404_040540.reg
2015-04-04 04:04 - 2015-04-04 05:13 - 00002072 _____ () C:\Users\Machine\Desktop\Adw16.txt
2015-04-04 04:00 - 2015-01-22 08:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Machine\Desktop\TDSSKiller.exe
2015-04-04 03:17 - 2015-04-04 03:17 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-04 03:03 - 2015-04-04 03:08 - 00000554 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f.job
2015-04-04 03:03 - 2015-04-04 03:08 - 00000554 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd.job
2015-04-04 03:03 - 2015-04-04 03:05 - 00003566 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 5bf2fbd6-a454-4dec-ab8d-669aa096419f
2015-04-04 03:03 - 2015-04-04 03:04 - 00003642 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 30cf6489-fb57-4e0e-a228-7ff5702d02cd
2015-04-04 02:55 - 2015-04-04 02:54 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-04-04 02:48 - 2015-04-04 02:48 - 00000692 _____ () C:\Users\Machine\Desktop\JRT.txt
2015-04-04 02:42 - 2015-04-04 02:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MACHINE-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 02:32 - 2015-04-04 02:32 - 02690981 _____ (Thisisu) C:\Users\Machine\Desktop\JRT.exe
2015-04-04 01:56 - 2015-04-04 01:56 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-04 01:56 - 2015-04-04 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-04 01:55 - 2015-04-04 01:51 - 00880208 _____ (Google Inc.) C:\Users\Machine\Desktop\ChromeSetup (2).exe
2015-04-04 01:34 - 2015-04-04 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
2015-04-04 01:34 - 2015-04-04 01:34 - 00000000 ____D () C:\Program Files\File Shredder
2015-04-04 01:23 - 2015-04-04 01:24 - 00001830 _____ () C:\blitzblank.log
2015-04-04 01:17 - 2015-04-04 01:17 - 01153912 _____ (Emsi Software GmbH) C:\Users\Machine\Desktop\BlitzBlank.exe
2015-04-04 00:31 - 2015-04-04 00:31 - 00011368 _____ () C:\Users\Machine\Documents\cc_20150404_003139.reg
2015-04-04 00:24 - 2015-04-04 00:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-04 00:24 - 2015-04-04 00:24 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-04 00:24 - 2015-04-04 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-04 00:14 - 2015-04-04 00:14 - 02208768 _____ () C:\Users\Machine\Desktop\adwcleaner_4.200.exe
2015-03-28 05:50 - 2015-03-28 05:50 - 00005270 _____ () C:\Users\Machine\Desktop\Rkill.txt
2015-03-28 05:07 - 2015-03-28 05:07 - 00050132 _____ () C:\Users\Machine\Desktop\1st gmer scan.log
2015-03-28 04:30 - 2015-03-28 04:30 - 00006220 _____ () C:\Users\Machine\Desktop\HitmanPro_20150328_0430.log
2015-03-27 21:41 - 2015-03-28 05:42 - 00000000 ____D () C:\Users\Machine\Desktop\mbar
2015-03-12 04:03 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 04:03 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 04:03 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 04:03 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 04:03 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 04:03 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 04:03 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 04:03 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 04:03 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 04:03 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 04:03 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 04:03 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 04:03 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 04:03 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 04:03 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 04:03 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 04:03 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 04:03 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 04:03 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 04:03 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 04:03 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 04:03 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 04:03 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 04:03 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 04:03 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 04:03 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 04:03 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 04:03 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 04:03 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-12 04:03 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 04:03 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 04:03 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 04:03 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 04:03 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 04:03 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-12 04:03 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-12 04:03 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-12 04:03 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 04:03 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 04:03 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 04:03 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 04:03 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 04:03 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 04:03 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 04:03 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 04:03 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 04:03 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 04:03 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 04:03 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-12 04:03 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 04:03 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 04:03 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 04:03 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 04:03 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 04:02 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 04:02 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 04:02 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 04:02 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 04:02 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 04:02 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 04:02 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-06 02:03 - 2015-03-06 02:03 - 00000000 ____D () C:\Users\Machine\AppData\Local\AbleWord
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\AbleWord
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbleWord V2
2015-03-06 02:00 - 2015-03-06 02:00 - 00000000 ____D () C:\Program Files (x86)\AbleWord
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-04 05:08 - 2014-03-17 15:57 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-04 05:01 - 2014-03-19 18:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 05:01 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 05:01 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 04:58 - 2009-07-14 00:13 - 00006186 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 04:57 - 2014-03-06 11:40 - 01079294 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 04:56 - 2014-08-11 15:54 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-04 04:54 - 2014-09-13 11:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 04:54 - 2014-04-13 15:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 04:54 - 2014-02-13 09:24 - 00000031 _____ () C:\Windows\system32\bbcap.err
2015-04-04 04:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 04:17 - 2014-02-21 23:08 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-04 04:15 - 2014-10-23 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-04 04:08 - 2014-02-13 09:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-04 03:36 - 2015-02-04 07:07 - 00000000 ____D () C:\AdwCleaner
2015-04-04 03:06 - 2014-03-03 14:27 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-04 03:03 - 2014-04-05 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-04 02:27 - 2015-02-17 12:28 - 00010870 _____ () C:\Users\Machine\Desktop\Staples info.txt
2015-04-04 01:56 - 2014-02-13 09:07 - 00000000 ____D () C:\Users\Machine\AppData\Local\Google
2015-04-04 00:29 - 2014-09-16 10:47 - 00009326 _____ () C:\Users\Machine\Desktop\New Text Document (3).txt
2015-04-04 00:21 - 2014-08-11 15:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-04 00:21 - 2014-02-07 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-04 00:03 - 2014-03-04 23:24 - 00000941 _____ () C:\Users\Machine\Desktop\New Text Document.txt
2015-04-04 00:00 - 2015-02-27 13:34 - 20436568 _____ () C:\Users\Machine\Desktop\RogueKillerX64.exe
2015-04-03 23:26 - 2014-03-05 14:49 - 00048876 _____ () C:\Users\Machine\dsp_stereo_tool.ini
2015-04-03 23:26 - 2014-02-07 16:42 - 00000000 ____D () C:\Users\Machine
2015-04-03 18:01 - 2014-04-13 15:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-02 10:07 - 2015-02-15 00:25 - 00000000 ____D () C:\Users\Machine\AppData\Local\IPVanish
2015-03-30 21:23 - 2015-02-15 00:24 - 00000000 ____D () C:\Program Files (x86)\IPVanish
2015-03-30 12:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-29 04:43 - 2014-12-04 23:49 - 00000000 ____D () C:\Users\Machine\Desktop\Staples orders
2015-03-28 21:47 - 2014-02-13 09:05 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\vlc
2015-03-28 07:32 - 2014-02-13 06:30 - 00000000 ____D () C:\Users\Machine\AppData\Local\Adobe
2015-03-28 07:31 - 2014-03-19 18:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-28 07:31 - 2014-02-13 06:30 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-28 07:31 - 2014-02-13 06:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-28 05:42 - 2014-12-03 19:18 - 00000000 ____D () C:\Users\Administrator
2015-03-28 05:42 - 2014-08-11 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-28 05:42 - 2014-04-15 08:21 - 00000000 ____D () C:\ProgramData\VSO
2015-03-28 05:42 - 2014-04-13 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 05:42 - 2014-03-06 10:39 - 00000000 ____D () C:\ProgramData\Norton
2015-03-28 05:42 - 2014-02-19 23:34 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-28 05:42 - 2014-02-08 01:01 - 00000000 ____D () C:\Users\Machine\AppData\Roaming\Winamp
2015-03-28 05:42 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-28 05:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-28 04:44 - 2014-03-04 22:20 - 00000000 ____D () C:\SUPERDelete
2015-03-27 23:34 - 2014-12-03 19:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-03-27 21:47 - 2014-02-17 21:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-24 20:32 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-24 17:06 - 2014-04-15 08:21 - 00000000 ____D () C:\Users\Machine\Documents\VSO Downloader
2015-03-12 04:47 - 2009-07-13 23:45 - 00279312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 04:05 - 2014-02-07 19:26 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 04:05 - 2014-02-07 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 15:50 - 2009-07-14 00:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-10 08:44 - 2014-12-08 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Files in the root of some directories =======
2014-03-05 07:49 - 2014-03-05 07:49 - 0000138 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFXVwer.log
2014-12-13 19:51 - 2014-12-13 19:51 - 0099384 _____ () C:\Users\Machine\AppData\Roaming\inst.exe
2014-12-13 19:51 - 2014-12-13 19:51 - 0007859 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.cat
2014-12-13 19:51 - 2014-12-13 19:51 - 0001167 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.inf
2014-12-13 19:51 - 2014-12-13 19:51 - 0000055 _____ () C:\Users\Machine\AppData\Roaming\pcouffin.log
2014-12-13 19:51 - 2014-12-13 19:51 - 0082816 _____ (VSO Software) C:\Users\Machine\AppData\Roaming\pcouffin.sys
2015-02-16 03:39 - 2015-02-16 03:39 - 0003584 _____ () C:\Users\Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-13 03:24 - 2014-02-13 04:25 - 0007600 _____ () C:\Users\Machine\AppData\Local\Resmon.ResmonCfg
2014-02-13 09:02 - 2014-02-13 09:02 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Machine\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-25 00:05
==================== End Of Log ============================