WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can't remove Crypted.Gen virus

Started by Whiteloba , Jan 08 2015 05:39 PM

Crypted.Gen Virus Removal

This topic is locked

13 replies to this topic

#1 Whiteloba

New Member

Authentic Member
7 posts

Posted 08 January 2015 - 05:39 PM

Hi,

My daughter got a virus after installing a required driver that was in a zip file for a Huion Graphic Drawing Tablet that she received for Christmas.

We have ran Microsoft Virus and Malware removal scan and Avira and nothing works. Avira keeps popping up on IE and Chrome stating that it has detected the virus and it acts like it quarantines it but then it's still there. Both Chrome and IE webpages have been over taken with words that contain hyperlinks, pop up ads, and websites offering to help you fix your computer.

Here are the specs on her computer. Sony VAIO laptop, 64-bit, Intel Core i5-3210M CPU @ 2.50GHz, 6GB RAM, WIndows 7 Home Premium w/service pack 1.

TIA for your assistance!

Here is the aswMBR Log and following are the other two logs from FRST64:

Run date: 2015-01-08 13:24:30

-----------------------------

13:24:30.400 OS Version: Windows x64 6.1.7601 Service Pack 1

13:24:30.400 Number of processors: 4 586 0x3A09

13:24:30.400 ComputerName: MSCLAPTOP UserName: GrayBush

13:24:34.415 Initialize success

13:24:34.425 VM: initialized successfully

13:24:34.425 VM: Intel CPU BiosDisabled

13:25:33.920 AVAST engine defs: 15010800

13:26:03.688 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

13:26:03.698 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3

13:26:03.878 Disk 0 MBR read successfully

13:26:03.878 Disk 0 MBR scan

13:26:03.888 Disk 0 Windows 7 default MBR code

13:26:03.908 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18940 MB offset 2048

13:26:04.188 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 38791168

13:26:04.188 Disk 0 default boot code

13:26:04.208 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 696112 MB offset 39507968

13:26:04.408 Disk 0 scanning C:\Windows\system32\drivers

13:26:36.468 Service scanning

13:27:15.729 Modules scanning

13:27:15.729 Disk 0 trace - called modules:

13:27:15.819 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

13:27:15.819 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ab0060]

13:27:15.829 3 CLASSPNP.SYS[fffff88001cb043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80065f5050]

13:27:19.759 AVAST engine scan C:\Windows

13:27:26.399 AVAST engine scan C:\Windows\system32

13:33:43.709 AVAST engine scan C:\Windows\system32\drivers

13:34:05.924 AVAST engine scan C:\Users\GrayBush

13:38:21.117 File: C:\Users\GrayBush\AppData\Local\Obrona Block Ads\ExternalUninstaller.exe **INFECTED** Win32:Trojan-gen

13:43:33.791 AVAST engine scan C:\ProgramData

13:47:16.435 Disk 0 statistics 4175964/0/0 @ 2.36 MB/s

13:47:16.435 Scan finished successfully

13:49:30.408 Disk 0 MBR has been saved successfully to "C:\Users\GrayBush\Desktop\MBR.dat"

13:49:30.424 The log file has been saved successfully to "C:\Users\GrayBush\Desktop\aswMBR_Whiteloba_Logfile.txt"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by GrayBush (administrator) on MSCLAPTOP on 08-01-2015 13:54:42

Running from C:\Users\GrayBush\Desktop

Loaded Profiles: GrayBush & Mcx1-FACEPALMCOMICS (Available profiles: GrayBush & Mcx1-FACEPALMCOMICS)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

() C:\Program Files (x86)\CE\CovenantEyesCommService.exe

(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe

(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

() C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files (x86)\IocingRuwl\IocingRuwlHelper.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

() C:\Windows\SysWOW64\authServer.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Graphic Tablet Company Shenzhen) C:\Program Files\TabletDriver\TabletDriver.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Dropbox, Inc.) C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

() C:\Program Files (x86)\CE\CovenantEyes.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

() C:\Program Files (x86)\CE\CovenantEyesHelper.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020576 2012-02-23] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-23] (Atheros Commnucations)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-03-13] (Synaptics Incorporated)

HKLM\...\Run: [TabletDriver] => C:\Program Files\TabletDriver\TabletDriver.exe [1099864 2014-12-19] (Graphic Tablet Company Shenzhen)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-22] (Intel Corporation)

HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)

HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-02-19] (cyberlink)

HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)

HKLM-x32\...\Run: [Covenant Eyes] => C:\Program Files (x86)\CE\CovenantEyes.exe [7065104 2013-12-05] ()

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\Run: [Google Update] => C:\Users\GrayBush\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-01] (Google Inc.)

HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\Run: [Obrona Block Ads] => "C:\Users\GrayBush\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden

HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\RunOnce: [Uninstall C:\Users\GrayBush\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GrayBush\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk

ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

Startup: C:\Users\GrayBush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\GrayBush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2753690234-888831857-2254222751-1000] => Internet Explorer proxy is enabled.

ProxyServer: [S-1-5-21-2753690234-888831857-2254222751-1000] => http=127.0.0.1:9880

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2753690234-888831857-2254222751-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKU\S-1-5-21-2753690234-888831857-2254222751-1000 -> DefaultScope {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL = http://search.condui...8451549382&UM=2

SearchScopes: HKU\S-1-5-21-2753690234-888831857-2254222751-1000 -> {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL = http://search.condui...8451549382&UM=2

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files (x86)\CE\extensions\ie\x64\ceie-0.7.0.dll (Covenant Eyes)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files (x86)\CE\extensions\ie\x86\ceie-0.7.0.dll (Covenant Eyes)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Winsock: Catalog9 01 C:\Windows\SysWOW64\CovenantEyesProxy.dll [322584] (CovenantEyes)

Winsock: Catalog9 02 C:\Windows\SysWOW64\CovenantEyesProxy.dll [322584] (CovenantEyes)

Winsock: Catalog9 03 C:\Windows\SysWOW64\CovenantEyesProxy.dll [322584] (CovenantEyes)

Winsock: Catalog9 04 C:\Windows\SysWOW64\CovenantEyesProxy.dll [322584] (CovenantEyes)

Winsock: Catalog9 16 C:\Windows\SysWOW64\CovenantEyesProxy.dll [322584] (CovenantEyes)

Winsock: Catalog9-x64 01 C:\Windows\system32\CovenantEyesProxy64.dll [391704] (CovenantEyes)

Winsock: Catalog9-x64 02 C:\Windows\system32\CovenantEyesProxy64.dll [391704] (CovenantEyes)

Winsock: Catalog9-x64 03 C:\Windows\system32\CovenantEyesProxy64.dll [391704] (CovenantEyes)

Winsock: Catalog9-x64 04 C:\Windows\system32\CovenantEyesProxy64.dll [391704] (CovenantEyes)

Winsock: Catalog9-x64 16 C:\Windows\system32\CovenantEyesProxy64.dll [391704] (CovenantEyes)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF Plugin HKU\S-1-5-21-2753690234-888831857-2254222751-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\GrayBush\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-2753690234-888831857-2254222751-1000: @talk.google.com/O1DPlugin -> C:\Users\GrayBush\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-2753690234-888831857-2254222751-1000: @tools.google.com/Google Update;version=3 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-2753690234-888831857-2254222751-1000: @tools.google.com/Google Update;version=9 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\GrayBush\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\GrayBush\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-02-12]

FF HKLM-x32\...\Firefox\Extensions: [firefox-integrated-extension@covenanteyes.com] - C:\Program Files (x86)\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com

FF Extension: Covenant Eyes for Firefox - C:\Program Files (x86)\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com [2014-01-20]

Chrome:

=======

CHR HomePage: Default ->

CHR StartupUrls: Default -> "https://www.google.com/"

CHR Profile: C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]

CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2014-01-20]

CHR Extension: (YouTube) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]

CHR Extension: (Adblock Plus) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-19]

CHR Extension: (Google Search) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]

CHR Extension: (Avira Browser Safety) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-15]

CHR Extension: (AdBlock) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-19]

CHR Extension: (Pin It Button) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-30]

CHR Extension: (Google Wallet) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]

CHR Extension: (Gmail) - C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]

CHR HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\GrayBush\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-05-22]

CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - C:\Program Files (x86)\CE\extensions\chrome\cechrome-0.7.1.crx [2014-01-20]

CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\GrayBush\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-05-22]

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-02-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]

R2 Auth Service; C:\Windows\SysWOW64\authServer.exe [4367880 2013-12-05] ()

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2012-01-19] (CyberLink)

R2 CovenantEyesCommService; C:\Program Files (x86)\CE\CovenantEyesCommService.exe [4510240 2013-12-05] ()

R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5329944 2013-10-04] (CovenantEyes)

R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-06-26] (Code 42 Software) [File not signed]

S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)

R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-01-31] (Freemake) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()

R2 IocingRuwl; C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe [4316160 2015-01-07] () [File not signed] <==== ATTENTION

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)

R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)

R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]

R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)

S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)

R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)

R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)

R1 cewd64f; C:\Windows\system32\Drivers\cewd64f.sys [31944 2013-12-05] () [File not signed]

R1 cewd64r; C:\Windows\system32\Drivers\cewd64r.sys [45256 2013-12-05] () [File not signed]

R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-06] ()

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]

R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [10752 2014-09-16] (Windows ® Win 7 DDK provider)

U3 aswMBR; \??\C:\Users\GrayBush\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\GrayBush\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 13:54 - 2015-01-08 13:55 - 00027929 _____ () C:\Users\GrayBush\Desktop\FRST.txt

2015-01-08 13:53 - 2015-01-08 13:54 - 00000000 ____D () C:\FRST

2015-01-08 13:52 - 2015-01-08 13:52 - 02124288 _____ (Farbar) C:\Users\GrayBush\Desktop\FRST64.exe

2015-01-08 13:49 - 2015-01-08 13:49 - 00000512 _____ () C:\Users\GrayBush\Desktop\MBR.dat

2015-01-08 13:24 - 2015-01-08 13:24 - 05198336 _____ (AVAST Software) C:\Users\GrayBush\Desktop\aswMBR.exe

2015-01-08 07:25 - 2015-01-08 07:25 - 00000000 ___RD () C:\Users\GrayBush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2015-01-07 21:27 - 2015-01-07 21:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\GrayBush\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-07 21:22 - 2015-01-07 21:20 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-01-07 21:21 - 2015-01-07 21:21 - 00000000 ____D () C:\Users\GrayBush\AppData\Roaming\Avira

2015-01-07 21:18 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-01-07 21:18 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-01-07 21:18 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2015-01-07 21:10 - 2015-01-07 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-01-07 21:10 - 2015-01-07 21:18 - 00000000 ____D () C:\ProgramData\Avira

2015-01-07 21:10 - 2015-01-07 21:10 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk

2015-01-07 21:01 - 2015-01-07 21:02 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\GrayBush\Downloads\avira_en_av_5768062864__ws.exe

2015-01-07 14:29 - 2015-01-07 14:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf

2015-01-07 14:13 - 2015-01-07 14:13 - 00000000 _____ () C:\Windows\SysWOW64\shoEE64.tmp

2015-01-07 14:09 - 2015-01-07 23:01 - 00000000 __SHD () C:\Users\GrayBush\AppData\Local\EmieBrowserModeList

2015-01-07 14:09 - 2015-01-07 14:09 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_62

2015-01-07 14:08 - 2015-01-07 21:13 - 00000000 ____D () C:\Program Files (x86)\Consumer Input

2015-01-07 14:08 - 2015-01-07 14:09 - 00000000 __SHD () C:\Program Files (x86)\IocingRuwl

2015-01-07 14:08 - 2015-01-07 14:08 - 00003120 _____ () C:\Windows\System32\Tasks\RPC

2015-01-07 14:02 - 2015-01-07 14:06 - 00000860 _____ () C:\Users\Public\Desktop\TabletDriver.lnk

2015-01-07 14:02 - 2015-01-07 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TabletDriver

2015-01-07 14:02 - 2015-01-07 14:06 - 00000000 ____D () C:\Program Files\TabletDriver

2015-01-07 14:02 - 2015-01-07 14:02 - 00000000 ____D () C:\Program Files\DIFX

2015-01-07 14:02 - 2014-09-16 18:47 - 00010752 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\vmulti.sys

2015-01-07 14:02 - 2014-09-16 18:47 - 00007680 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys

2015-01-07 14:02 - 2014-07-28 08:39 - 00043048 _____ (Graphics Tablet) C:\Windows\system32\wintab32.dll

2015-01-07 14:02 - 2014-07-28 08:39 - 00037928 _____ (Graphics Tablet) C:\Windows\SysWOW64\wintab32.dll

2015-01-07 14:02 - 2012-06-01 15:35 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUsbCoInstaller2.dll

2015-01-07 14:01 - 2015-01-07 14:01 - 00000000 ____D () C:\Users\GrayBush\Downloads\HUION 1060pro+

2015-01-07 13:59 - 2015-01-07 14:08 - 00000000 ____D () C:\Users\GrayBush\AppData\Local\Obrona Block Ads

2015-01-07 13:59 - 2015-01-07 13:59 - 00000000 ____D () C:\Users\GrayBush\AppData\Roaming\Philipp Winterberg

2015-01-07 13:59 - 2015-01-07 13:59 - 00000000 ____D () C:\Users\GrayBush\AppData\Roaming\OpenCandy

2015-01-07 13:57 - 2015-01-07 13:57 - 00372576 _____ () C:\Users\GrayBush\Downloads\SoftonicDownloader_for_rar-file-open-knife.exe

2015-01-07 13:46 - 2015-01-07 13:46 - 06625110 _____ () C:\Users\GrayBush\Downloads\HUION 1060pro+.rar

2015-01-07 11:43 - 2015-01-07 11:44 - 00000000 ____D () C:\Users\GrayBush\Downloads\pick- a-day

2015-01-06 19:51 - 2015-01-06 19:51 - 00000000 ____D () C:\Users\GrayBush\Downloads\audio book

2015-01-06 19:43 - 2015-01-06 19:55 - 00000000 ____D () C:\Users\GrayBush\Downloads\speech

2015-01-06 19:40 - 2015-01-06 19:55 - 00000000 ____D () C:\Users\GrayBush\Downloads\other & software

2015-01-06 19:38 - 2015-01-06 19:59 - 00000000 ____D () C:\Users\GrayBush\Downloads\debate

2015-01-06 19:34 - 2015-01-06 19:55 - 00000000 ____D () C:\Users\GrayBush\Downloads\school (old)

2015-01-06 19:32 - 2015-01-06 19:59 - 00000000 ____D () C:\Users\GrayBush\Downloads\art&stuff

2014-12-18 09:07 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 09:07 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-13 03:20 - 2014-12-13 03:20 - 00000000 _____ () C:\Windows\SysWOW64\sho8AEF.tmp

2014-12-10 03:41 - 2014-12-10 03:41 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 03:09 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 03:09 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 03:09 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 03:09 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 03:09 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 03:09 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 03:09 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 03:09 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 03:09 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 03:09 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-09 19:31 - 2014-12-09 19:32 - 00000000 ____D () C:\Users\GrayBush\Documents\MC Art

2014-12-09 12:53 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-09 12:53 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-09 12:53 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-09 12:53 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-09 12:53 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-09 12:53 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-09 12:53 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-09 12:53 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-09 12:53 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-09 12:53 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-09 12:53 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-09 12:53 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-09 12:53 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-09 12:53 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-09 12:53 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-09 12:53 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-09 12:53 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-09 12:53 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-09 12:53 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-09 12:53 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-09 12:53 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-09 12:53 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-09 12:53 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-09 12:53 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-09 12:53 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-09 12:53 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-09 12:53 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-09 12:53 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-09 12:53 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-09 12:53 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-09 12:53 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-09 12:53 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-09 12:53 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-09 12:53 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-09 12:53 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-09 12:53 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-09 12:53 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-09 12:53 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-09 12:53 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-09 12:53 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-09 12:53 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-09 12:53 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-09 12:53 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-09 12:53 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-09 12:53 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-09 12:53 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-09 12:53 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-09 12:53 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-09 12:53 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-09 12:53 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-09 12:53 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-09 12:53 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-09 12:53 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-09 12:53 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-09 12:52 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-09 12:52 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-09 12:52 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-09 12:52 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-09 12:52 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-09 12:52 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-09 12:52 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-09 12:52 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-09 12:52 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-09 12:52 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-09 12:51 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-09 12:51 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-09 12:51 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-09 12:51 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-09 12:51 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-09 12:51 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-09 12:51 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-09 12:51 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-09 12:51 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-09 12:51 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-09 12:51 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-09 12:51 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-09 12:51 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 12:50 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-09 12:50 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 13:24 - 2012-12-12 20:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-08 13:15 - 2014-04-01 13:05 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2753690234-888831857-2254222751-1000UA.job

2015-01-08 11:05 - 2012-12-12 18:49 - 01454580 _____ () C:\Windows\WindowsUpdate.log

2015-01-08 07:33 - 2009-07-13 20:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-08 07:33 - 2009-07-13 20:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-08 07:27 - 2014-09-14 15:18 - 00000000 ___RD () C:\Users\GrayBush\Dropbox

2015-01-08 07:27 - 2014-09-14 15:17 - 00000000 ____D () C:\Users\GrayBush\AppData\Roaming\Dropbox

2015-01-08 07:26 - 2014-01-20 00:31 - 00005848 _____ () C:\Windows\system32\CovenantEyesProxy.ini

2015-01-08 07:26 - 2014-01-20 00:31 - 00003096 _____ () C:\Windows\SysWOW64\CovenantEyesProxyOff.ini

2015-01-08 07:26 - 2014-01-20 00:31 - 00003096 _____ () C:\Windows\system32\CovenantEyesProxyOff.ini

2015-01-08 07:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-08 07:23 - 2009-07-13 20:51 - 00108416 _____ () C:\Windows\setupact.log

2015-01-07 23:01 - 2014-08-29 22:15 - 00000000 __SHD () C:\Users\GrayBush\AppData\Local\EmieUserList

2015-01-07 23:01 - 2014-08-29 22:15 - 00000000 __SHD () C:\Users\GrayBush\AppData\Local\EmieSiteList

2015-01-07 22:54 - 2010-11-20 19:47 - 00669012 _____ () C:\Windows\PFRO.log

2015-01-07 22:52 - 2012-12-12 21:38 - 00000000 ____D () C:\Users\GrayBush\AppData\Local\CrashDumps

2015-01-07 22:51 - 2014-01-20 01:49 - 00000000 ____D () C:\Windows\system32\MpEngineStore

2015-01-07 21:32 - 2012-12-12 21:35 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-07 21:18 - 2014-01-20 00:21 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-01-07 21:15 - 2014-04-01 13:05 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2753690234-888831857-2254222751-1000Core.job

2015-01-07 21:10 - 2014-08-12 06:29 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-07 14:31 - 2009-07-13 21:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-07 14:18 - 2014-08-29 09:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-01-07 14:11 - 2012-12-16 19:24 - 00000000 ____D () C:\Users\GrayBush\AppData\Roaming\SoftGrid Client

2015-01-07 14:06 - 2012-12-12 18:54 - 00025200 _____ () C:\Windows\DPINST.LOG

2015-01-07 11:43 - 2014-05-27 11:12 - 01099264 ___SH () C:\Users\GrayBush\Downloads\Thumbs.db

2015-01-06 12:53 - 2014-04-04 18:56 - 00000000 ____D () C:\Users\GrayBush\AppData\Local\Windows Live

2015-01-04 16:30 - 2014-09-14 15:18 - 00001027 _____ () C:\Users\GrayBush\Desktop\Dropbox.lnk

2015-01-04 16:30 - 2014-09-14 15:18 - 00000000 ____D () C:\Users\GrayBush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-12-14 11:01 - 2013-06-04 19:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-12-14 11:01 - 2013-06-04 19:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-12-14 10:53 - 2013-06-04 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-12-13 10:50 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-12-13 05:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

2014-12-10 20:24 - 2014-09-09 16:24 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-12-10 20:24 - 2012-12-12 20:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 20:24 - 2012-12-12 20:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 20:24 - 2012-12-12 20:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 03:41 - 2014-05-07 10:52 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 03:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 03:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-10 03:21 - 2014-01-19 07:51 - 00000000 ____D () C:\Windows\system32\MRT

Some content of TEMP:

====================

C:\Users\GrayBush\AppData\Local\Temp\avgnt.exe

C:\Users\GrayBush\AppData\Local\Temp\COMAP.EXE

C:\Users\GrayBush\AppData\Local\Temp\ConsumerInputSetup.exe

C:\Users\GrayBush\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc_mldr.dll

C:\Users\GrayBush\AppData\Local\Temp\GLF1183.EXE

C:\Users\GrayBush\AppData\Local\Temp\GLF1955.EXE

C:\Users\GrayBush\AppData\Local\Temp\GLF1BB7.EXE

C:\Users\GrayBush\AppData\Local\Temp\GLFDB8B.EXE

C:\Users\GrayBush\AppData\Local\Temp\GLFE30B.EXE

C:\Users\GrayBush\AppData\Local\Temp\GLFE506.EXE

C:\Users\GrayBush\AppData\Local\Temp\nitro_reader3_64.exe

C:\Users\GrayBush\AppData\Local\Temp\ObronaBlockAds.exe

C:\Users\GrayBush\AppData\Local\Temp\OfficeSetup.exe

C:\Users\GrayBush\AppData\Local\Temp\oi_{69A83661-3F7F-4D4B-B939-4BBA5D108631}.exe

C:\Users\GrayBush\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_d1f8befe-aca6-4c46-9c3b-fbb3be34211d_TX_PR_.exe

C:\Users\GrayBush\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe

C:\Users\GrayBush\AppData\Local\Temp\SpOrder.dll

C:\Users\GrayBush\AppData\Local\Temp\UNINSTALL.EXE

C:\Users\GrayBush\AppData\Local\Temp\_isF673.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 14:40

==================== End Of Log ============================

[attachment=16034:Addition.txt]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by GrayBush at 2015-01-08 13:56:01

Running from C:\Users\GrayBush\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)

ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )

ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)

ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)

Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.125 - Atheros)

Autodesk SketchBook Pro 7 (HKLM\...\{00972CB9-9D37-47A1-B53D-7B2373EFBD3F}) (Version: 7.00.0000 - Autodesk)

Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)

Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 5.0.4.49 - Covenant Eyes, Inc.)

CrashPlan (HKLM\...\{F80817FB-59A8-4591-AFB3-A8949D573B87}) (Version: 3.6.3 - Code 42 Software)

CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dropbox (HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden

Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)

FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

HL-L2320D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 0.0.13.0 - Brother Industries, Ltd.)

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)

Java™ 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)

Java™ 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden

KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)

Media Go (x32 Version: 2.0.317 - Sony) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)

Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayStation®Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden

PlayStation®Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden

Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden

Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)

Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)

Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden

Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden

SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden

SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)

System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)

TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden

TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)

UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 9.0 - Huion Animation)

V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)

VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)

VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden

VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden

VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden

VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden

VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden

VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)

VAIO Control Center (x32 Version: 5.2.1.15070 - Sony Corporation) Hidden

VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden

VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden

VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden

VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden

VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden

VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden

VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)

VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden

VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden

VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden

VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)

VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden

VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden

VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden

VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden

VAIO Transfer Support (x32 Version: 1.7.1.06040 - Sony Corporation) Hidden

VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)

VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden

VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden

VHD (x32 Version: 1.0.0 - Microsoft) Hidden

VIx64 (Version: 1.0.0 - Sony Corporation) Hidden

VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden

VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden

VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden

VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden

VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Windows Driver Package - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

19-12-2014 03:00:20 Windows Update

23-12-2014 08:16:10 Windows Update

30-12-2014 09:53:37 Windows Update

06-01-2015 09:40:14 Windows Update

07-01-2015 14:02:25 Device Driver Package Install: HUION Animation Human Interface Devices

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BD6EF3-8DD9-4FCF-A3C6-4EDDD74DD2C7} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)

Task: {00C30B0B-EC12-4692-BFFD-577E1A7AA3C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

Task: {0A481A39-7140-405C-96E0-6DF03DDF7D30} - System32\Tasks\RPC => C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe

Task: {10993E4E-00AE-46BA-AA70-E00BA9DE2AF0} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {10EB5E07-0C8F-4D7D-B28D-998066E386C2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2753690234-888831857-2254222751-1000UA => C:\Users\GrayBush\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)

Task: {11179F73-B977-4AF4-8143-84D5677906DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {264832AA-9528-4B66-8301-8C16CC5284F4} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {2B14184C-78D4-40CB-9C7F-A7486A0C1032} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)

Task: {2C975FBD-13A3-4761-B5FB-96D2FE6B0003} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {2CCCB3CD-DBD9-4912-8D68-74C83591E9A1} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)

Task: {2E02A0B7-7923-42FA-B9AF-6B9657762F64} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

Task: {37E7525B-8C14-400C-93DF-69A272D5C492} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"

Task: {49C7F6CB-385B-4002-B56E-C5152E048C0A} - System32\Tasks\VAIO® Messenger (Mcx1-FACEPALMCOMICS) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-02] (Digital Delivery Networks, Inc.)

Task: {594CE4E8-5A3F-4AFB-A78E-8384084DD6E8} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)

Task: {5C9D5647-35C7-40DF-B102-7E584469C333} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\SymErr.exe

Task: {5CD63D19-29B3-4FA9-BBEB-6E76DC5026F1} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net

Task: {66EDF506-D6BE-4E87-83A8-782CE79C913C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {6992577F-402A-40A6-B87D-40192F9933CC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {6C1EDCC7-A6C8-4414-A8DA-70C229FCF520} - System32\Tasks\VAIO® Messenger (GrayBush) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-02] (Digital Delivery Networks, Inc.)

Task: {77783B2F-F37A-4E00-98AF-B9E684F0E20D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\WSCStub.exe

Task: {79553992-7115-4D30-BFFE-C98BB2B43AC0} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {833F817B-4EBE-4E6F-9864-C0A72B451546} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)

Task: {92476D70-75A0-4EF1-A6E3-10D904360E01} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)

Task: {945CDD51-EB95-4AC8-BBEC-76D046A3D50D} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\SymErr.exe

Task: {94A1982F-CB86-4B39-946A-EB3FC39902AA} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {94D6505B-E3BC-4F6D-AE1B-735742783AEF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

Task: {9FFE3B6C-9221-43AE-9788-4689F461CEE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)

Task: {A0AEA439-C588-4F0A-8E7F-B0551E2273A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {A22B712E-5685-4DA9-94AA-9367350CD537} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)

Task: {A5EA4D11-D719-4357-95D0-3FDFE644B470} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {AF871AB6-8694-4BE2-BA4C-47B53D03DBE7} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)

Task: {B1E8A605-9031-4AB2-95BC-3C0DF8F74A69} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {B409F49C-0552-44DA-8E17-7B065CC2D23D} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)

Task: {B6DA2687-1373-456A-A8AC-D61445C306E1} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()

Task: {B883CF2A-A735-46E3-AF4C-236E0BFE569F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {B8D9EBFF-9424-4135-9A5F-0247CAD5AEB1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)

Task: {BCC5A7BC-5110-4125-BD5D-214528CD1A5F} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)

Task: {C2788129-1BB4-4C5D-9DDC-41BC17100497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {C2BF6153-9A1E-4BE1-BCB4-7F1646459515} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)

Task: {C43FB954-F67D-4165-9E83-15CA839E16A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2753690234-888831857-2254222751-1000Core => C:\Users\GrayBush\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)

Task: {CF01ADB9-56C7-476B-836C-E2B22FB4272E} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)

Task: {D020CF9B-12EB-4EF9-86A4-4B0414A37EF8} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-02] (Digital Delivery Networks, Inc.)

Task: {D3A5BF78-11DF-43C1-AC04-0AF573E445D0} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {ED83FFEA-A27A-45BB-80EE-5950912A88A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

Task: {EE9ED847-D68A-4B4D-8228-70F9E2496CE7} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-FACEPALMCOMICS => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)

Task: {EFF806F2-2F8A-4242-9805-C5B7FBC91561} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)

Task: {F0DE4640-7E4B-4DDE-9BF9-FE61C63086F3} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)

Task: {F2421AA7-BF08-45D2-8294-6F5AEC353158} - System32\Tasks\{6871279C-D490-4C3D-AEB7-D3CCB7A46915} => Chrome.exe http://ui.skype.com/...#38;page=tsBing

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2753690234-888831857-2254222751-1000Core.job => C:\Users\GrayBush\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2753690234-888831857-2254222751-1000UA.job => C:\Users\GrayBush\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-29 09:04 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-01-20 00:30 - 2013-12-05 10:32 - 04510240 _____ () C:\Program Files (x86)\CE\CovenantEyesCommService.exe

2014-06-26 11:07 - 2014-06-26 11:07 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll

2014-10-20 13:30 - 2014-10-20 13:30 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll

2014-08-29 09:07 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2012-12-12 19:02 - 2012-03-13 08:01 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

2015-01-07 14:09 - 2015-01-07 10:27 - 04316160 ___SH () C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe

2015-01-07 14:09 - 2015-01-07 14:09 - 00154112 ____R () C:\Program Files (x86)\IocingRuwl\IocingRuwlHelper.exe

2014-01-20 00:30 - 2013-12-05 10:32 - 04367880 _____ () C:\Windows\SysWOW64\authServer.exe

2014-01-20 00:30 - 2013-12-05 10:32 - 02941440 _____ () C:\Program Files\CE\nmsvc64.dll

2014-01-20 00:30 - 2013-12-05 10:32 - 00086024 _____ () C:\Program Files\CE\nmsvTree64.dll

2012-03-14 12:54 - 2012-03-13 23:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-01-20 00:30 - 2013-12-05 10:32 - 07065104 _____ () C:\Program Files (x86)\CE\CovenantEyes.exe

2014-01-20 00:30 - 2013-12-05 10:32 - 05681176 _____ () C:\Program Files (x86)\CE\CovenantEyesHelper.exe

2013-11-01 13:59 - 2013-11-01 13:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe

2015-01-07 14:09 - 2015-01-07 10:27 - 00117262 ___SH () C:\Program Files (x86)\IocingRuwl\libgcc_s_dw2-1.dll

2015-01-07 14:09 - 2015-01-07 10:27 - 00970766 ___SH () C:\Program Files (x86)\IocingRuwl\libstdc++-6.dll

2012-12-12 19:54 - 2012-03-07 18:57 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll

2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-08 07:26 - 2015-01-08 07:26 - 00043008 _____ () c:\users\graybush\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc_mldr.dll

2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\GrayBush\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2014-08-29 09:04 - 2014-11-21 07:16 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2014-01-20 00:30 - 2013-12-05 10:32 - 02297344 _____ () C:\Program Files (x86)\CE\nmsvc.dll

2014-01-20 00:30 - 2013-12-05 10:32 - 00074760 _____ () C:\Program Files (x86)\CE\nmsvTree.dll

2014-12-06 13:04 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2014-10-17 11:47 - 2014-10-17 11:47 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll

2012-12-12 19:05 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-07-02 22:06 - 2013-07-02 22:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll

2013-07-02 22:06 - 2013-07-02 22:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll

2013-07-03 23:40 - 2013-07-02 22:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll

2013-07-03 23:40 - 2013-07-02 22:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll

2012-12-12 19:02 - 2012-03-13 08:02 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D287FACF

AlternateDataStreams: C:\ProgramData\Temp:D3A96964

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2753690234-888831857-2254222751-500 - Administrator - Disabled)

GrayBush (S-1-5-21-2753690234-888831857-2254222751-1000 - Administrator - Enabled) => C:\Users\GrayBush

Guest (S-1-5-21-2753690234-888831857-2254222751-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2753690234-888831857-2254222751-1002 - Limited - Enabled)

Mcx1-FACEPALMCOMICS (S-1-5-21-2753690234-888831857-2254222751-1005 - Limited - Enabled) => C:\Users\Mcx1-FACEPALMCOMICS.FacePalmComics

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (01/08/2015 01:56:26 PM) (Source: VSS) (EventID: 12294) (User: )

Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.

Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000020B6C0).

Operation:

Get Shadow Copy Properties

Context:

Execution Context: Coordinator

Error: (01/08/2015 01:56:26 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine Error calling CreateFile on volume '\\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\'. hr = 0x80070005, Access is denied.

Operation:

Check If Volume Is Supported by Provider

Add a Volume to a Shadow Copy Set

Context:

Execution Context: Coordinator

Provider ID: {00000000-0000-0000-0000-000000000000}

Volume Name: \\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\

Execution Context: Coordinator

Error: (01/08/2015 01:56:21 PM) (Source: VSS) (EventID: 12293) (User: )

Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::QueryVolumesSupportedForSnapshots(ProviderId,-1,...) [hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.

Check the Application event log for more information.

Operation:

Query volumes supported by this provider

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Snapshot Context: -1

Error: (01/08/2015 01:56:21 PM) (Source: VSS) (EventID: 8193) (User: )

Error: (01/08/2015 01:41:08 PM) (Source: VSS) (EventID: 12294) (User: )

Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.

Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000028B620).

Operation:

Get Shadow Copy Properties

Context:

Execution Context: Coordinator

Error: (01/08/2015 01:41:08 PM) (Source: VSS) (EventID: 8193) (User: )

Operation:

Check If Volume Is Supported by Provider

Add a Volume to a Shadow Copy Set

Context:

Execution Context: Coordinator

Provider ID: {00000000-0000-0000-0000-000000000000}

Volume Name: \\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\

Execution Context: Coordinator

Error: (01/08/2015 01:41:03 PM) (Source: VSS) (EventID: 12293) (User: )

Check the Application event log for more information.

Operation:

Query volumes supported by this provider

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Snapshot Context: -1

Error: (01/08/2015 01:41:03 PM) (Source: VSS) (EventID: 8193) (User: )

Error: (01/08/2015 01:25:39 PM) (Source: VSS) (EventID: 12294) (User: )

Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.

Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000031CE30).

Operation:

Get Shadow Copy Properties

Context:

Execution Context: Coordinator

Error: (01/08/2015 01:25:39 PM) (Source: VSS) (EventID: 8193) (User: )

Operation:

Check If Volume Is Supported by Provider

Add a Volume to a Shadow Copy Set

Context:

Execution Context: Coordinator

Provider ID: {00000000-0000-0000-0000-000000000000}

Volume Name: \\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\

Execution Context: Coordinator

System errors:

=============

Error: (01/08/2015 07:26:58 AM) (Source: BROWSER) (EventID: 8032) (User: )

Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{926D7DCA-9190-40D9-B2DF-A1DA8F310264}.

The backup browser is stopping.

Error: (01/08/2015 07:20:03 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (01/08/2015 07:18:16 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (01/08/2015 07:18:12 AM) (Source: Ntfs) (EventID: 55) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4.

Error: (01/08/2015 07:14:00 AM) (Source: BROWSER) (EventID: 8032) (User: )

Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{926D7DCA-9190-40D9-B2DF-A1DA8F310264}.

The backup browser is stopping.

Error: (01/08/2015 05:41:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (01/08/2015 05:41:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (01/08/2015 05:41:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (01/08/2015 05:41:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (01/08/2015 05:41:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Microsoft Office Sessions:

=========================

Error: (01/08/2015 01:56:26 PM) (Source: VSS) (EventID: 12294) (User: )

Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000020B6C0)

Operation:

Get Shadow Copy Properties

Context:

Execution Context: Coordinator

Error: (01/08/2015 01:56:26 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Error calling CreateFile on volume '\\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\'0x80070005, Access is denied.

Operation:

Check If Volume Is Supported by Provider

Add a Volume to a Shadow Copy Set

Context:

Execution Context: Coordinator

Provider ID: {00000000-0000-0000-0000-000000000000}

Volume Name: \\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\

Execution Context: Coordinator

Error: (01/08/2015 01:56:21 PM) (Source: VSS) (EventID: 12293) (User: )

Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::QueryVolumesSupportedForSnapshots(ProviderId,-1,...)0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.

Check the Application event log for more information.

Operation:

Query volumes supported by this provider

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Snapshot Context: -1

Error: (01/08/2015 01:56:21 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Error calling CreateFile on volume '\\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\'0x8000ffff, Catastrophic failure

Error: (01/08/2015 01:41:08 PM) (Source: VSS) (EventID: 12294) (User: )

Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000028B620)

Operation:

Get Shadow Copy Properties

Context:

Execution Context: Coordinator

Error: (01/08/2015 01:41:08 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Error calling CreateFile on volume '\\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\'0x80070005, Access is denied.

Operation:

Check If Volume Is Supported by Provider

Add a Volume to a Shadow Copy Set

Context:

Execution Context: Coordinator

Provider ID: {00000000-0000-0000-0000-000000000000}

Volume Name: \\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\

Execution Context: Coordinator

Error: (01/08/2015 01:41:03 PM) (Source: VSS) (EventID: 12293) (User: )

Check the Application event log for more information.

Operation:

Query volumes supported by this provider

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Snapshot Context: -1

Error: (01/08/2015 01:41:03 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Error calling CreateFile on volume '\\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\'0x8000ffff, Catastrophic failure

Error: (01/08/2015 01:25:39 PM) (Source: VSS) (EventID: 12294) (User: )

Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000031CE30)

Operation:

Get Shadow Copy Properties

Context:

Execution Context: Coordinator

Error: (01/08/2015 01:25:39 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Error calling CreateFile on volume '\\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\'0x80070005, Access is denied.

Operation:

Check If Volume Is Supported by Provider

Add a Volume to a Shadow Copy Set

Context:

Execution Context: Coordinator

Provider ID: {00000000-0000-0000-0000-000000000000}

Volume Name: \\?\Volume{d96e9b15-47f5-11e2-8dd7-08edb9ae5d1a}\

Execution Context: Coordinator

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz

Percentage of memory in use: 55%

Total physical RAM: 6046.36 MB

Available physical RAM: 2684.91 MB

Total Pagefile: 12090.89 MB

Available Pagefile: 8179.82 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:679.8 GB) (Free:587.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: EDA781F2)

Partition 1: (Not Active) - (Size=18.5 GB) - (Type=27)

Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=679.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Whiteloba, 08 January 2015 - 05:51 PM.

Advertisements

Register to Remove

#2 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 09 January 2015 - 05:50 AM

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please go to one of the below sites to scan the following files:
Virus Total (Recommended)
jotti.org
VirScan
click on Browse, and upload the following file for analysis:

C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

~~~~~~~~~~~~~~~~~~~~

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings
Firefox: Reset Firefox
Chrome: Chrome - Reset browser settings

~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
C:\Users\GrayBush\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe
HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\Run: [Obrona Block Ads] => "C:\Users\GrayBush\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=<http://127.0.0.1:9880>
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2753690234-888831857-2254222751-1000 -> DefaultScope {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL = http://search.condui...8451549382&UM=2
SearchScopes: HKU\S-1-5-21-2753690234-888831857-2254222751-1000 -> {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL = http://search.condui...8451549382&UM=2
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R2 IocingRuwl; C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe [4316160 2015-01-07] () [File not signed] <==== ATTENTION
2015-01-07 13:59 - 2015-01-07 14:08 - 00000000 ____D () C:\Users\GrayBush\AppData\Local\Obrona Block Ads
2015-01-07 13:59 - 2015-01-07 13:59 - 00000000 ____D () C:\Users\GrayBush\AppData\Roaming\OpenCandy
C:\Users\GrayBush\AppData\Local\Temp\avgnt.exe
C:\Users\GrayBush\AppData\Local\Temp\COMAP.EXE
C:\Users\GrayBush\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\GrayBush\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc_mldr.dll
C:\Users\GrayBush\AppData\Local\Temp\GLF1183.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLF1955.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLF1BB7.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLFDB8B.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLFE30B.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLFE506.EXE
C:\Users\GrayBush\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\GrayBush\AppData\Local\Temp\ObronaBlockAds.exe
C:\Users\GrayBush\AppData\Local\Temp\OfficeSetup.exe
C:\Users\GrayBush\AppData\Local\Temp\oi_{69A83661-3F7F-4D4B-B939-4BBA5D108631}.exe
C:\Users\GrayBush\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_d1f8befe-aca6-4c46-9c3b-fbb3be34211d_TX_PR_.exe
C:\Users\GrayBush\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\GrayBush\AppData\Local\Temp\SpOrder.dll
C:\Users\GrayBush\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\GrayBush\AppData\Local\Temp\_isF673.exe
CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0A481A39-7140-405C-96E0-6DF03DDF7D30} - System32\Tasks\RPC => C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
AlternateDataStreams: C:\ProgramData\Temp:D3A96964
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

*******

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~
please post
Virus total results
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 Whiteloba

New Member

Authentic Member
7 posts

Posted 09 January 2015 - 09:33 PM

Hi,

Thank you so much for your help! I got all the way to the part of the instructions that had me run the FRST/64. The computer restarted and then I opened IE to come back to this thread but IE won't allow me to come to this site on that computer. The message says, The proxy server isn't responding. Check your proxy settings 127.0.0.1:9881.

I can get the Google page to come up but that is it. I can use Google search but I can't go to in of the sites it pulls up.

Thank you.

#4 Whiteloba

New Member

Authentic Member
7 posts

Posted 09 January 2015 - 09:45 PM

I fixed the proxy issues and I'm now online. Will post the requested logs shortly!

Edited by Whiteloba, 09 January 2015 - 09:45 PM.

#5 Whiteloba

New Member

Authentic Member
7 posts

Posted 09 January 2015 - 10:58 PM

https://www.virustot...sis/1420858935/

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by GrayBush at 2015-01-09 19:15:39 Run:1
Running from C:\Users\GrayBush\Desktop
Loaded Profiles: GrayBush & Mcx1-FACEPALMCOMICS (Available profiles: GrayBush & Mcx1-FACEPALMCOMICS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\GrayBush\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe
HKU\S-1-5-21-2753690234-888831857-2254222751-1000\...\Run: [Obrona Block Ads] => "C:\Users\GrayBush\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=<http://127.0.0.1:9880>
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2753690234-888831857-2254222751-1000 -> DefaultScope {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL = http://search.condui...8451549382&UM=2
SearchScopes: HKU\S-1-5-21-2753690234-888831857-2254222751-1000 -> {3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} URL = http://search.condui...8451549382&UM=2
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R2 IocingRuwl; C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe [4316160 2015-01-07] () [File not signed] <==== ATTENTION
2015-01-07 13:59 - 2015-01-07 14:08 - 00000000 ____D () C:\Users\GrayBush\AppData\Local\Obrona Block Ads
2015-01-07 13:59 - 2015-01-07 13:59 - 00000000 ____D () C:\Users\GrayBush\AppData\Roaming\OpenCandy
C:\Users\GrayBush\AppData\Local\Temp\avgnt.exe
C:\Users\GrayBush\AppData\Local\Temp\COMAP.EXE
C:\Users\GrayBush\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\GrayBush\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc_mldr.dll
C:\Users\GrayBush\AppData\Local\Temp\GLF1183.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLF1955.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLF1BB7.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLFDB8B.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLFE30B.EXE
C:\Users\GrayBush\AppData\Local\Temp\GLFE506.EXE
C:\Users\GrayBush\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\GrayBush\AppData\Local\Temp\ObronaBlockAds.exe
C:\Users\GrayBush\AppData\Local\Temp\OfficeSetup.exe
C:\Users\GrayBush\AppData\Local\Temp\oi_{69A83661-3F7F-4D4B-B939-4BBA5D108631}.exe
C:\Users\GrayBush\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_d1f8befe-aca6-4c46-9c3b-fbb3be34211d_TX_PR_.exe
C:\Users\GrayBush\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\GrayBush\AppData\Local\Temp\SpOrder.dll
C:\Users\GrayBush\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\GrayBush\AppData\Local\Temp\_isF673.exe
CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\GrayBush\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0A481A39-7140-405C-96E0-6DF03DDF7D30} - System32\Tasks\RPC => C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
AlternateDataStreams: C:\ProgramData\Temp:D3A96964
EmptyTemp:
Hosts:
End

*****************

Processes closed successfully.
"C:\Users\GrayBush\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" => File/Directory not found.
HKU\S-1-5-21-2753690234-888831857-2254222751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Obrona Block Ads => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKU\ProxyEnable: Internet Explorer proxy is enabled.\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\ProxyServer: http=<http://127.0.0.1:988...ersion\Internet Settings\\ProxyServer => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-2753690234-888831857-2254222751-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2753690234-888831857-2254222751-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FF070FA-2C6C-4F04-957A-99A93E2F7AD3}" => Key deleted successfully.
HKCR\CLSID\{3FF070FA-2C6C-4F04-957A-99A93E2F7AD3} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
IocingRuwl => Service deleted successfully.
C:\Users\GrayBush\AppData\Local\Obrona Block Ads => Moved successfully.
C:\Users\GrayBush\AppData\Roaming\OpenCandy => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\ConsumerInputSetup.exe => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc_mldr.dll => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\GLF1183.EXE => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\GLF1955.EXE => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\GLF1BB7.EXE => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\GLFDB8B.EXE => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\GLFE30B.EXE => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\GLFE506.EXE => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\nitro_reader3_64.exe => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\ObronaBlockAds.exe => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\oi_{69A83661-3F7F-4D4B-B939-4BBA5D108631}.exe => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_d1f8befe-aca6-4c46-9c3b-fbb3be34211d_TX_PR_.exe => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\GrayBush\AppData\Local\Temp\_isF673.exe => Moved successfully.
"HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2753690234-888831857-2254222751-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A481A39-7140-405C-96E0-6DF03DDF7D30}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A481A39-7140-405C-96E0-6DF03DDF7D30}" => Key deleted successfully.
C:\Windows\System32\Tasks\RPC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RPC" => Key deleted successfully.
C:\ProgramData\Temp => ":D287FACF" ADS removed successfully.
C:\ProgramData\Temp => ":D3A96964" ADS removed successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 2.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 19:17:36 ====

# AdwCleaner v4.107 - Report created 09/01/2015 at 19:48:31
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : GrayBush - MSCLAPTOP
# Running from : C:\Users\GrayBush\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage
File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Consumer Input
Folder Found : C:\Users\GrayBush\AppData\Local\Conduit
Folder Found : C:\Users\GrayBush\AppData\LocalLow\Conduit

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\Red Sky
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Compete
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Red Sky
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v

-\\ Google Chrome v

[C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN32736152876624257&ctid=CT3225826&UM=2
[C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN32736152876624257&ctid=CT3225826&UM=2
[C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\GrayBush\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=

*************************

AdwCleaner[R0].txt - [8316 octets] - [09/01/2015 19:48:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8376 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by GrayBush on Fri 01/09/2015 at 20:43:57.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2753690234-888831857-2254222751-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\GrayBush\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{13CCEBD0-8B00-4EE5-8E37-C9F07128C660}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{1DBADFD8-41CA-4F25-B648-A5354CA0D83D}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{3F68EA44-7B32-42F4-9E63-1EE9B1171B19}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{57549FB3-20F8-4AB1-BC7C-E4F9E296D563}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{68571D31-612C-4CAA-8C32-D30E906CE831}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{6F6E6F5D-9038-44BE-A14A-E808108A57E7}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{A1BC5B44-CC70-467A-A46C-5640B0671529}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{A2408D42-BE08-49AF-AECF-EDA371D82FA0}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{A2A7EE68-418D-4DE5-83A3-8F76F3F1FB06}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{C018F01B-ED92-40D4-8DA3-1292424DC7E7}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{C73100D0-67F4-48F0-973F-BA421CD69B02}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{CC8A7D15-EA63-4D9C-9C9F-2A89C94E96E2}
Successfully deleted: [Empty Folder] C:\Users\GrayBush\appdata\local\{DC2928B9-5DC2-44A0-8F4C-5FFB22E331B1}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/09/2015 at 20:45:54.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 10 January 2015 - 06:20 AM

Good job.

Download Malwarebytes' Anti-Malware to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- On the Dashboard click on Update Now
- Go to the Setting Tab
- Under Setting go to Detection and Protection
- Under PUP and PUM make sure both are set to show Treat Dections as Malware
- Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
- Then on the Dashboard click on Scan
- Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
***************************************

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
- Note:
  For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
- Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
- Click the blue Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
- Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
- Click on Advanced Settings
- Make sure that the option Remove found threats is unticked.
- Ensure these options are ticked
  - Scan archives
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start
- Wait for the scan to finish
- When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
- Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
- Close the ESET online scan.
*************************************

Please post
MBAM log
Eset log

How is your computer now?

#7 Whiteloba

New Member

Authentic Member
7 posts

Posted 10 January 2015 - 04:00 PM

Great! The internet has been working normal so something has improved!

Here are the requested logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/10/2015
Scan Time: 12:05:17 PM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.10.15
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: GrayBush

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406337
Time Elapsed: 26 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
PUP.Optional.FreeMakeConverter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fmconverter@gmail.com, C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\, , [824524d14346be789f70571cdf24fa06]
PUM.Bad.Proxy, HKU\S-1-5-21-2753690234-888831857-2254222751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9881, , [efd84ca907824ee8a6afd8c6da2929d7]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.GamesDesktop.A, C:\Program Files (x86)\gmsd_us_62, , [d6f13cb9d9b09d99af73b7ac9c671de3],

Files: 1
PUP.Optional.Softonic, C:\Users\GrayBush\Downloads\SoftonicDownloader_for_rar-file-open-knife.exe, , [d5f212e39dec8fa73d757bdf3ac6619f],

Physical Sectors: 0
(No malicious items detected)

(end)

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\C\Users\GrayBush\AppData\Local\Obrona Block Ads\ExternalUninstaller.exe a variant of Win32/FirseriaInstaller.V potentially unwanted application
C:\FRST\Quarantine\C\Users\GrayBush\AppData\Local\Temp\ConsumerInputSetup.exe.xBAD Win32/Compete.A potentially unwanted application
C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe a variant of Win32/Adware.ObronaAds.B application
C:\Program Files (x86)\IocingRuwl\IocingRuwlHelper.exe a variant of Win32/Adware.ObronaAds.B application
C:\Users\GrayBush\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\GrayBush\Downloads\SoftonicDownloader_for_rar-file-open-knife.exe a variant of Win32/SoftonicDownloader.G potentially unwanted application
C:\Users\GrayBush\Downloads\other & software\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

#8 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 10 January 2015 - 06:45 PM

Great! The internet has been working normal so something has improved!

yes!

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe
C:\Program Files (x86)\IocingRuwl\IocingRuwlHelper.exe
Folder: C:\Program Files (x86)\IocingRuwl
C:\Users\GrayBush\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\Plugins\npConduitFirefoxPlugin.dll
C:\Users\GrayBush\Downloads\SoftonicDownloader_for_rar-file-open-knife.exe
C:\Users\GrayBush\Downloads\other & software\avira_free_antivirus_en.exe
EmptyTemp:
End

#9 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 10 January 2015 - 06:45 PM

And MalwareBytes deleted what was found correct?

#10 Whiteloba

New Member

Authentic Member
7 posts

Posted 12 January 2015 - 12:53 PM

I'm not absolutely positive that the MalwareBytes deleted what was found. Is there a way for me to confirm that?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by GrayBush at 2015-01-12 10:37:02 Run:2
Running from C:\Users\GrayBush\Desktop
Loaded Profiles: GrayBush & Mcx1-FACEPALMCOMICS (Available profiles: GrayBush & Mcx1-FACEPALMCOMICS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe
C:\Program Files (x86)\IocingRuwl\IocingRuwlHelper.exe
Folder: C:\Program Files (x86)\IocingRuwl
C:\Users\GrayBush\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\Plugins\npConduitFirefoxPlugin.dll
C:\Users\GrayBush\Downloads\SoftonicDownloader_for_rar-file-open-knife.exe
C:\Users\GrayBush\Downloads\other & software\avira_free_antivirus_en.exe
EmptyTemp:
End

*****************

Processes closed successfully.
C:\Program Files (x86)\IocingRuwl\IocingRuwl.exe => Moved successfully.
C:\Program Files (x86)\IocingRuwl\IocingRuwlHelper.exe => Moved successfully.

========================= Folder: C:\Program Files (x86)\IocingRuwl ========================

2015-01-07 14:09 - 2015-01-07 10:27 - 0001104 ___SH () C:\Program Files (x86)\IocingRuwl\cacert.crt
2015-01-07 14:09 - 2015-01-07 10:27 - 0070992 ___SH (Microsoft Corporation) C:\Program Files (x86)\IocingRuwl\CertMgr.exe
2015-01-07 14:09 - 2015-01-07 10:27 - 1939456 ___SH (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\IocingRuwl\libeay32.dll
2015-01-07 14:09 - 2015-01-07 10:27 - 0117262 ___SH () C:\Program Files (x86)\IocingRuwl\libgcc_s_dw2-1.dll
2015-01-07 14:09 - 2015-01-07 10:27 - 0970766 ___SH () C:\Program Files (x86)\IocingRuwl\libstdc++-6.dll
2015-01-07 14:09 - 2015-01-07 10:27 - 0048640 ___SH (MingW-W64 Project. All rights reserved.) C:\Program Files (x86)\IocingRuwl\libwinpthread-1.dll
2015-01-07 14:09 - 2015-01-07 10:27 - 0007168 ___SH () C:\Program Files (x86)\IocingRuwl\LoopbackForWin8.exe
2015-01-07 14:09 - 2015-01-07 10:27 - 5266432 ___SH (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\IocingRuwl\Qt5Core.dll
2015-01-07 14:09 - 2015-01-07 10:27 - 1506304 ___SH (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\IocingRuwl\Qt5Network.dll
2015-01-07 14:09 - 2015-01-07 10:27 - 0428544 ___SH (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\IocingRuwl\ssleay32.dll
2015-01-07 14:09 - 2015-01-07 14:09 - 0000000 __SHD () C:\Program Files (x86)\IocingRuwl\platforms
2015-01-07 14:09 - 2015-01-07 10:27 - 1293824 ___SH () C:\Program Files (x86)\IocingRuwl\platforms\qwindows.dll

====== End of Folder: ======

C:\Users\GrayBush\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\Plugins\npConduitFirefoxPlugin.dll => Moved successfully.
C:\Users\GrayBush\Downloads\SoftonicDownloader_for_rar-file-open-knife.exe => Moved successfully.
C:\Users\GrayBush\Downloads\other & software\avira_free_antivirus_en.exe => Moved successfully.
EmptyTemp: => Removed 487.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:37:36 ====

#11 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 12 January 2015 - 12:56 PM

I'm not absolutely positive that the MalwareBytes deleted what was found. Is there a way for me to confirm that?

You can open the quarantine/history logs or run another scan.

How's the computer now?

#12 Whiteloba

New Member

Authentic Member
7 posts

Posted 12 January 2015 - 01:19 PM

Things seem to be working just fine both in IE and Chrome.

My daughter wants to know if she can delete all of the stuff on her desktop now?

Again, thank you for your help! So appreciate it!

#13 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 12 January 2015 - 01:22 PM

It's good news to my ears, and yes we can remove the tools and folders now.

DelFix

Please download DelFix and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
- Activate UAC
- Remove disinfection tools
- Create registry backup
- Purge system restore
- Reset system settings
Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

The following programmes come highly recommended in the security community.

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.