Fowzee
Posts: 16 +0
Hi guys,
I've been having these random audio ads play in the background and it's driving me mad - I tried running Anti-Malware Bytes, Kaspersky TDSS etc. and the ads still persist. I'm not in the mood to reformat my hard drive, so I'm hoping someone here can help. Thanks in advance!
Here is my FRST logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Anthony (administrator) on HOMEPC on 11-04-2015 17:50:48
Running from C:\Users\Anthony\Desktop
Loaded Profiles: Anthony (Available profiles: Anthony)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys
() C:\Program Files\pia_manager\pia_manager.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(http://www.ruby-lang.org/) C:\Users\Anthony\AppData\Local\Temp\ocr4394.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Anthony\AppData\Local\Temp\ocr759C.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [CucusoftNetGuard] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [ToolboxFX] => "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /fln /frn /appDatan /tmcpn
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [CucusoftNetGuard] => C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe [868352 2013-06-25] (Cucusoft, Inc.)
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\MountPoints2: {54459c2f-7237-11e2-af1d-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\MountPoints2: {95d9ccee-71be-11e2-9934-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie64.dll [2012-07-12] (WinZip Computing, S.L.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie32.dll [2012-07-12] (WinZip Computing, S.L.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1417133180&from=smt&uid=ST2000DL003-9VT166_5YD215W9XXXX5YD215W9"
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-04]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-10]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]
CHR Extension: (Okta Secure Web Authentication Plug-in) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glnpjglilkicbckjpbgcfkogebgllemb [2014-07-04]
CHR Extension: (ZenForce) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafdgoaldnankaaddgalfgpijgpdednd [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-02-08] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-08] (Creative Labs) [File not signed]
R2 CS_AutoUpdate; C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [44696 2012-07-17] (Cucusoft, Inc.)
R2 CS_BandwidthGuard; C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys [223392 2013-06-21] (Cucusoft, Inc.)
R2 CS_BandwidthGuard64; C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys [292000 2013-06-21] (Cucusoft, Inc.)
R2 CS_SysMsgProxy; C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [255136 2013-06-21] (Cucusoft, Inc.)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-05-01] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [793280 2015-01-19] (Samsung Electronics Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-02] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-18] (Logitech Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 17:50 - 2015-04-11 17:50 - 02095616 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2015-04-11 17:50 - 2015-04-11 17:50 - 00020277 _____ () C:\Users\Anthony\Desktop\FRST.txt
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 ____D () C:\FRST
2015-04-11 17:36 - 2015-04-11 17:37 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Anthony\Desktop\tdsskiller.exe
2015-04-11 12:12 - 2015-04-11 12:12 - 00003158 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2015-04-11 12:12 - 2015-04-11 12:12 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Titanium
2015-04-11 12:12 - 2015-04-11 12:12 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-04-11 12:11 - 2015-04-11 12:13 - 00000000 ____D () C:\Program Files\pia_manager
2015-04-11 12:11 - 2015-04-11 12:12 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-04-11 12:09 - 2015-04-11 12:11 - 25723531 _____ () C:\Users\Anthony\Desktop\installer_win.exe
2015-04-04 15:04 - 2015-04-04 15:04 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 15:04 - 2015-04-04 15:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-25 14:20 - 2015-03-11 14:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 14:20 - 2015-03-11 14:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 14:20 - 2015-03-11 14:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 14:20 - 2015-03-11 14:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 14:20 - 2015-03-11 14:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 14:20 - 2015-03-11 14:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 14:20 - 2015-03-11 14:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 14:20 - 2015-03-11 14:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-20 11:44 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Anthony\Desktop\Unilever Case Study
2015-03-12 18:51 - 2015-03-12 18:51 - 00000085 _____ () C:\Windows\wininit.ini
2015-03-12 18:42 - 2015-03-12 18:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-12 18:42 - 2015-03-12 18:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-12 18:42 - 2015-03-12 18:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-12 18:24 - 2015-03-12 18:24 - 00000000 ____D () C:\Users\Anthony\Documents\Cucusoft
2015-03-12 18:24 - 2015-03-12 18:24 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\NetGuard
2015-03-12 18:24 - 2015-03-12 18:24 - 00000000 ____D () C:\ProgramData\Cucusoft
2015-03-12 18:24 - 2015-03-12 18:24 - 00000000 ____D () C:\Program Files\Cucusoft
2015-03-12 18:24 - 2003-03-18 09:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.DLL
2015-03-12 18:24 - 2003-03-18 08:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\MFC71.DLL
2015-03-12 18:24 - 2003-03-18 08:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP71.DLL
2015-03-12 18:24 - 2003-03-18 07:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.DLL
2015-03-12 18:24 - 2003-02-20 16:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCR71.DLL
2015-03-12 18:24 - 2003-02-20 15:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.DLL
2015-03-12 09:43 - 2015-03-12 09:43 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-03-12 09:37 - 2015-03-12 09:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-12 08:56 - 2015-03-12 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-12 08:18 - 2015-03-12 08:22 - 00007625 _____ () C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 17:41 - 2013-02-09 07:38 - 01783083 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 17:34 - 2009-07-14 14:45 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 17:34 - 2009-07-14 14:45 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 17:32 - 2013-08-14 16:04 - 00748424 _____ () C:\Windows\system32\perfh00A.dat
2015-04-11 17:32 - 2013-08-14 16:04 - 00159442 _____ () C:\Windows\system32\perfc00A.dat
2015-04-11 17:32 - 2009-07-14 15:13 - 01686182 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 17:31 - 2013-02-08 22:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 17:27 - 2014-07-04 21:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 17:27 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 17:27 - 2009-07-14 14:51 - 00072719 _____ () C:\Windows\setupact.log
2015-04-11 17:26 - 2013-02-08 17:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-11 12:10 - 2014-07-04 21:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 09:29 - 2015-02-13 09:55 - 00011647 _____ () C:\Users\Anthony\Desktop\budget2.xlsx
2015-04-03 09:27 - 2014-07-04 21:19 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Deployment
2015-04-03 09:26 - 2013-02-08 15:53 - 00000000 ____D () C:\Users\Anthony\AppData\Local\VirtualStore
2015-03-29 19:56 - 2013-02-08 23:38 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2015-03-29 19:55 - 2013-02-08 22:10 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-29 19:55 - 2013-02-08 22:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-29 19:55 - 2013-02-08 22:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-26 11:57 - 2014-12-11 02:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 11:57 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-17 10:51 - 2013-02-08 17:46 - 00247030 _____ () C:\Windows\PFRO.log
2015-03-16 18:25 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-12 12:46 - 2013-02-08 14:49 - 00000000 ____D () C:\Users\Anthony\Desktop\Unsorted pics
2015-03-12 09:20 - 2009-07-14 17:46 - 00000000 ____D () C:\Windows\RemotePackages
2015-03-12 08:19 - 2013-02-08 21:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-12 03:05 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 02:28 - 2009-07-14 14:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 02:27 - 2009-07-14 15:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-12 02:27 - 2009-07-14 14:45 - 00342312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 02:27 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 02:27 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 02:11 - 2013-02-08 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 02:11 - 2009-07-14 12:34 - 00000580 _____ () C:\Windows\win.ini
2015-03-12 02:07 - 2013-03-08 13:27 - 01665262 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-12 02:03 - 2013-08-14 17:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 02:01 - 2013-02-08 17:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-01-09 12:48 - 2014-01-09 12:48 - 0001467 _____ () C:\Users\Anthony\AppData\Roaming\WorksheetSchema.xsd
2015-03-12 08:18 - 2015-03-12 08:22 - 0007625 _____ () C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Anthony\AppData\Local\setup.txt
Some content of TEMP:
====================
C:\Users\Anthony\AppData\Local\Temp\HitmanPro.exe
C:\Users\Anthony\AppData\Local\Temp\lws_lws.exe
C:\Users\Anthony\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Anthony\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Anthony\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Anthony\AppData\Local\Temp\nvStInst.exe
C:\Users\Anthony\AppData\Local\Temp\ose00000.exe
C:\Users\Anthony\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Anthony\AppData\Local\Temp\shopsave_2.4.3.exe
C:\Users\Anthony\AppData\Local\Temp\SHSetup.exe
C:\Users\Anthony\AppData\Local\Temp\_is1534.exe
C:\Users\Anthony\AppData\Local\Temp\_isEEE.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 12:13
==================== End Of Log ============================
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(http://www.ruby-lang.org/) C:\Users\Anthony\AppData\Local\Temp\ocr4394.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Anthony\AppData\Local\Temp\ocr759C.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [CucusoftNetGuard] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [ToolboxFX] => "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /fln /frn /appDatan /tmcpn
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [CucusoftNetGuard] => C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe [868352 2013-06-25] (Cucusoft, Inc.)
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\MountPoints2: {54459c2f-7237-11e2-af1d-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\...\MountPoints2: {95d9ccee-71be-11e2-9934-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-3965459442-2878038994-3301500739-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie64.dll [2012-07-12] (WinZip Computing, S.L.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie32.dll [2012-07-12] (WinZip Computing, S.L.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1417133180&from=smt&uid=ST2000DL003-9VT166_5YD215W9XXXX5YD215W9"
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-04]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-10]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]
CHR Extension: (Okta Secure Web Authentication Plug-in) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\glnpjglilkicbckjpbgcfkogebgllemb [2014-07-04]
CHR Extension: (ZenForce) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafdgoaldnankaaddgalfgpijgpdednd [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-02-08] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-08] (Creative Labs) [File not signed]
R2 CS_AutoUpdate; C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [44696 2012-07-17] (Cucusoft, Inc.)
R2 CS_BandwidthGuard; C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys [223392 2013-06-21] (Cucusoft, Inc.)
R2 CS_BandwidthGuard64; C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys [292000 2013-06-21] (Cucusoft, Inc.)
R2 CS_SysMsgProxy; C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [255136 2013-06-21] (Cucusoft, Inc.)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-05-01] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [793280 2015-01-19] (Samsung Electronics Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-02] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-18] (Logitech Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 17:50 - 2015-04-11 17:50 - 02095616 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2015-04-11 17:50 - 2015-04-11 17:50 - 00020277 _____ () C:\Users\Anthony\Desktop\FRST.txt
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 ____D () C:\FRST
2015-04-11 17:36 - 2015-04-11 17:37 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Anthony\Desktop\tdsskiller.exe
2015-04-11 12:12 - 2015-04-11 12:12 - 00003158 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2015-04-11 12:12 - 2015-04-11 12:12 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Titanium
2015-04-11 12:12 - 2015-04-11 12:12 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-04-11 12:11 - 2015-04-11 12:13 - 00000000 ____D () C:\Program Files\pia_manager
2015-04-11 12:11 - 2015-04-11 12:12 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-04-11 12:09 - 2015-04-11 12:11 - 25723531 _____ () C:\Users\Anthony\Desktop\installer_win.exe
2015-04-04 15:04 - 2015-04-04 15:04 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 15:04 - 2015-04-04 15:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-25 14:20 - 2015-03-11 14:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 14:20 - 2015-03-11 14:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 14:20 - 2015-03-11 14:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 14:20 - 2015-03-11 14:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 14:20 - 2015-03-11 14:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 14:20 - 2015-03-11 14:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 14:20 - 2015-03-11 14:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 14:20 - 2015-03-11 14:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-20 11:44 - 2015-03-20 17:16 - 00000000 ____D () C:\Users\Anthony\Desktop\Unilever Case Study
2015-03-12 18:51 - 2015-03-12 18:51 - 00000085 _____ () C:\Windows\wininit.ini
2015-03-12 18:42 - 2015-03-12 18:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-12 18:42 - 2015-03-12 18:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-12 18:42 - 2015-03-12 18:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-12 18:24 - 2015-03-12 18:24 - 00000000 ____D () C:\Users\Anthony\Documents\Cucusoft
2015-03-12 18:24 - 2015-03-12 18:24 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\NetGuard
2015-03-12 18:24 - 2015-03-12 18:24 - 00000000 ____D () C:\ProgramData\Cucusoft
2015-03-12 18:24 - 2015-03-12 18:24 - 00000000 ____D () C:\Program Files\Cucusoft
2015-03-12 18:24 - 2003-03-18 09:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.DLL
2015-03-12 18:24 - 2003-03-18 08:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\MFC71.DLL
2015-03-12 18:24 - 2003-03-18 08:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP71.DLL
2015-03-12 18:24 - 2003-03-18 07:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.DLL
2015-03-12 18:24 - 2003-02-20 16:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCR71.DLL
2015-03-12 18:24 - 2003-02-20 15:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.DLL
2015-03-12 09:43 - 2015-03-12 09:43 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-03-12 09:37 - 2015-03-12 09:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-12 08:56 - 2015-03-12 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-12 08:18 - 2015-03-12 08:22 - 00007625 _____ () C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 17:41 - 2013-02-09 07:38 - 01783083 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 17:34 - 2009-07-14 14:45 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 17:34 - 2009-07-14 14:45 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 17:32 - 2013-08-14 16:04 - 00748424 _____ () C:\Windows\system32\perfh00A.dat
2015-04-11 17:32 - 2013-08-14 16:04 - 00159442 _____ () C:\Windows\system32\perfc00A.dat
2015-04-11 17:32 - 2009-07-14 15:13 - 01686182 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 17:31 - 2013-02-08 22:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 17:27 - 2014-07-04 21:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 17:27 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 17:27 - 2009-07-14 14:51 - 00072719 _____ () C:\Windows\setupact.log
2015-04-11 17:26 - 2013-02-08 17:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-11 12:10 - 2014-07-04 21:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 09:29 - 2015-02-13 09:55 - 00011647 _____ () C:\Users\Anthony\Desktop\budget2.xlsx
2015-04-03 09:27 - 2014-07-04 21:19 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Deployment
2015-04-03 09:26 - 2013-02-08 15:53 - 00000000 ____D () C:\Users\Anthony\AppData\Local\VirtualStore
2015-03-29 19:56 - 2013-02-08 23:38 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2015-03-29 19:55 - 2013-02-08 22:10 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-29 19:55 - 2013-02-08 22:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-29 19:55 - 2013-02-08 22:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-26 11:57 - 2014-12-11 02:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 11:57 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-17 10:51 - 2013-02-08 17:46 - 00247030 _____ () C:\Windows\PFRO.log
2015-03-16 18:25 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-12 12:46 - 2013-02-08 14:49 - 00000000 ____D () C:\Users\Anthony\Desktop\Unsorted pics
2015-03-12 09:20 - 2009-07-14 17:46 - 00000000 ____D () C:\Windows\RemotePackages
2015-03-12 08:19 - 2013-02-08 21:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-12 03:05 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 02:28 - 2009-07-14 14:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 02:27 - 2009-07-14 15:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-12 02:27 - 2009-07-14 14:45 - 00342312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 02:27 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 02:27 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 02:11 - 2013-02-08 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 02:11 - 2009-07-14 12:34 - 00000580 _____ () C:\Windows\win.ini
2015-03-12 02:07 - 2013-03-08 13:27 - 01665262 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-12 02:03 - 2013-08-14 17:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 02:01 - 2013-02-08 17:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-01-09 12:48 - 2014-01-09 12:48 - 0001467 _____ () C:\Users\Anthony\AppData\Roaming\WorksheetSchema.xsd
2015-03-12 08:18 - 2015-03-12 08:22 - 0007625 _____ () C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Anthony\AppData\Local\setup.txt
Some content of TEMP:
====================
C:\Users\Anthony\AppData\Local\Temp\HitmanPro.exe
C:\Users\Anthony\AppData\Local\Temp\lws_lws.exe
C:\Users\Anthony\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Anthony\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Anthony\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Anthony\AppData\Local\Temp\nvStInst.exe
C:\Users\Anthony\AppData\Local\Temp\ose00000.exe
C:\Users\Anthony\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Anthony\AppData\Local\Temp\shopsave_2.4.3.exe
C:\Users\Anthony\AppData\Local\Temp\SHSetup.exe
C:\Users\Anthony\AppData\Local\Temp\_is1534.exe
C:\Users\Anthony\AppData\Local\Temp\_isEEE.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 12:13
==================== End Of Log ============================