Browser hijacked, Extremely slow laptop [Solved]


26 replies to this topic

#1 fredII


Posted 17 January 2015 - 03:09 PM

My son is getting into gaming and downloading software for games, recording and broadcasting YouTube vids.  Startup takes 5 minutes plus.  It's got our computer running at a snail's pace, and the IE or Google Chrome browser gets redirected to www-searching.com.  I can't get rid of it.  Executing other programs is almost nonexistent.  Typing lags by 2-3 seconds.

I've updated Malwarebytes and found some PUPs and some malware.  I updated Avast (free) and ran it and found other viruses.  I'm positive his software download technique (hit next, next, next ....) is NOT custom and I'm getting a lot of unwanted "add-ons" I don't want and making a mess of the computer.  I really want to get the computer "clean", minimize startup time, and get our needed programs to run much faster, as they used to.  He's going to get his own gaming computer and I need to instruct him on keeping his computer from getting like what we have now.

I'll be running Hijack This and post results.  Edit: I will not run Hijack This first.  I will post results from aswMBR and FRST.

Thanks, Fred

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-17 13:23:53
-----------------------------
13:23:53.127    OS Version: Windows x64 6.1.7601 Service Pack 1
13:23:53.127    Number of processors: 2 586 0x170A
13:23:53.127    ComputerName: BLY4-PC  UserName: Bly4
13:23:56.840    Initialize success
13:23:56.855    VM: initialized successfully
13:23:56.855    VM: Intel CPU virtualization not supported
13:24:00.443    AVAST engine defs: 15011701
13:24:31.253    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:24:31.269    Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
13:24:31.659    Disk 0 MBR read successfully
13:24:31.659    Disk 0 MBR scan
13:24:31.674    Disk 0 unknown MBR code
13:24:31.721    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
13:24:31.737    Disk 0 default boot code
13:24:31.768    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       461435 MB offset 409600
13:24:31.815    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15304 MB offset 945428480
13:24:32.002    Disk 0 scanning C:\Windows\system32\drivers
13:24:59.943    Service scanning
13:25:42.368    Modules scanning
13:25:42.384    Disk 0 trace - called modules:
13:25:42.399    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
13:25:42.415    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800580a060]
13:25:42.431    3 CLASSPNP.SYS[fffff880010f943f] -> nt!IofCallDriver -> [0xfffffa8005809930]
13:25:42.431    5 hpdskflt.sys[fffff88002319289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b2d050]
13:25:43.429    AVAST engine scan C:\Windows
13:26:02.367    AVAST engine scan C:\Windows\system32
13:31:10.667    AVAST engine scan C:\Windows\system32\drivers
13:31:31.247    AVAST engine scan C:\Users\Bly4
14:27:00.926    AVAST engine scan C:\ProgramData
14:46:07.118    Disk 0 statistics 6867491/0/0 @ 0.82 MB/s
14:46:07.165    Scan finished successfully
14:50:12.460    Disk 0 MBR has been saved successfully to "C:\Users\Bly4\Videos\Desktop\MBR.dat"
14:50:12.460    The log file has been saved successfully to "C:\Users\Bly4\Videos\Desktop\aswMBR.txt"

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Bly4 (administrator) on BLY4-PC on 17-01-2015 15:01:16
Running from C:\Users\Bly4\Downloads
Loaded Profiles: Bly4 (Available profiles: Bly4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\Bly4\Videos\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Run: [GoogleChromeAutoLaunch_76C729D2CF1D184427F8EA5874136251] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52684;https=127.0.0.1:52684
ProxyServer: [S-1-5-21-439321651-4069142202-3324294406-1000] => http=127.0.0.1:49167;https=127.0.0.1:49167
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
URLSearchHook: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKLM-x32 -> {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> DefaultScope {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3368DA14-5819-46BD-98BB-417DB755C16F} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {4C974C8A-AF04-4433-8C77-7D142A55A210} URL = http://search.condui...8608CBA1D7=
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {755D8F6D-DFDB-4D50-A972-8CA741A6E30D} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {A39B26C5-462A-4C26-B376-6158F7EBD95E} URL = http://start.mysearc...r=1072125782=
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {BB7E4686-A426-46DF-BDCE-C933377F0475} URL = http://websearch.ask...10-6F9F60E1D17D
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.yhs4.searc...669,0,IE10,7743
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM-x32 - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/pcpitstop.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse...zylomplayer.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...Installer64.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn2.safelnk...SetupClient.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9-x64 01 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 02 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 03 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 04 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 15 C:\Windows\system32\plsapp64.dll [439296] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: npDisplayEngine -> C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-439321651-4069142202-3324294406-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bly4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension:  RivalGaming  - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-01-15]
FF Extension:  LivingPlay TextLinks   - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com [2011-08-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
FF HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Firefox\Extensions: [{BD20A947-EF74-4633-A96A-84D2F26A4812}] - C:\Users\Bly4\AppData\Local\{BD20A947-EF74-4633-A96A-84D2F26A4812}

Chrome:
=======
CHR Profile: C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-31]
CHR Extension: (YouTube) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]
CHR Extension: (Gmail) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-17] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U3 aswMBR; \??\C:\Users\Bly4\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 15:01 - 2015-01-17 15:02 - 00030974 _____ () C:\Users\Bly4\Downloads\FRST.txt
2015-01-17 14:59 - 2015-01-17 15:01 - 00000000 ____D () C:\FRST
2015-01-17 14:58 - 2015-01-17 14:59 - 02125824 _____ (Farbar) C:\Users\Bly4\Downloads\FRST64.exe
2015-01-17 13:20 - 2015-01-17 13:21 - 05198336 _____ (AVAST Software) C:\Users\Bly4\Downloads\aswMBR (1).exe
2015-01-17 13:19 - 2015-01-17 13:19 - 05198336 _____ (AVAST Software) C:\Users\Bly4\Downloads\aswMBR.exe.bln7zz4.partial
2015-01-15 22:05 - 2015-01-16 12:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-439321651-4069142202-3324294406-1000
2015-01-15 22:05 - 2015-01-16 12:10 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-439321651-4069142202-3324294406-1000
2015-01-15 22:02 - 2015-01-15 22:03 - 05149528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 22:02 - 2015-01-15 22:02 - 00004126 _____ () C:\Windows\PFRO.log
2015-01-15 20:19 - 2015-01-15 20:19 - 00143792 _____ () C:\Users\Bly4\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 19:28 - 2015-01-17 14:59 - 00001400 _____ () C:\Windows\setupact.log
2015-01-15 19:28 - 2015-01-15 19:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 14:37 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-05 14:37 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-30 12:34 - 2014-12-30 12:34 - 00000000 __SHD () C:\Users\Bly4\AppData\Local\EmieBrowserModeList
2014-12-30 11:08 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-30 11:08 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-30 11:08 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-30 11:08 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-30 11:08 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-30 11:08 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-30 11:08 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-30 11:08 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-30 11:08 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-30 11:08 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-30 11:08 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-30 11:08 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-30 11:08 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-30 11:08 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-30 11:08 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-30 11:08 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-30 11:08 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-30 11:08 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-30 11:08 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-30 11:08 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-30 11:08 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-30 11:08 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-30 11:08 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-30 11:08 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-30 11:08 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-30 11:08 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-30 11:08 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-30 11:08 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-30 11:08 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-30 11:08 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-30 11:08 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-30 11:08 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-30 11:08 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-30 11:08 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-30 11:08 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-30 11:08 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-30 11:08 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-30 11:08 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-30 11:08 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-30 11:08 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-30 11:08 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-30 11:08 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-30 11:08 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-30 11:08 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-30 11:08 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-30 11:08 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-30 11:08 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-30 11:08 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-30 11:08 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-30 11:08 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-30 11:08 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-30 11:08 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-30 11:08 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-30 11:08 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-30 11:07 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-30 11:07 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-30 11:07 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-30 11:07 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-30 11:07 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-30 11:07 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-30 11:07 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-30 11:07 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-30 11:07 - 2014-08-28 18:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-30 11:07 - 2014-08-28 17:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-30 11:07 - 2014-08-28 17:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-30 11:07 - 2014-08-28 17:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-30 11:07 - 2014-08-28 17:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-30 11:06 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-30 11:06 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-30 11:06 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-30 11:06 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-30 11:06 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-30 11:05 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-30 11:05 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-30 11:05 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-30 11:05 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-30 11:05 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-30 11:05 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-30 11:05 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-30 11:05 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-30 11:05 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-30 11:05 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-30 11:02 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-30 11:02 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-30 10:59 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-30 10:59 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-30 10:59 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-30 10:59 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-30 10:59 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-30 10:59 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-30 10:58 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-30 10:58 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-30 10:57 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-30 10:57 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-30 10:57 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-30 10:26 - 2014-12-30 10:26 - 00000000 __SHD () C:\found.004

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 15:02 - 2014-01-19 16:39 - 00000358 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-439321651-4069142202-3324294406-1000.job
2015-01-17 15:00 - 2010-06-03 20:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 14:59 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 14:59 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 14:19 - 2012-05-06 13:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 13:42 - 2009-08-25 00:30 - 01941767 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 13:14 - 2010-01-07 20:45 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-16 15:45 - 2012-07-10 20:20 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-16 12:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-16 12:10 - 2013-02-03 22:50 - 00000412 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-01-16 12:10 - 2012-07-11 17:55 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-01-16 12:10 - 2010-06-03 20:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 23:13 - 2014-04-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 22:20 - 2014-05-17 11:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 22:03 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 20:54 - 2014-09-22 15:59 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2015-01-15 20:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-15 19:19 - 2014-09-22 22:12 - 00000000 ____D () C:\Users\Bly4\AppData\Local\CrashDumps
2015-01-13 22:22 - 2013-07-15 12:13 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBly4
2015-01-13 22:22 - 2013-07-15 12:12 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForBly4.job
2015-01-13 20:14 - 2012-05-06 13:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 20:12 - 2012-05-06 13:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 20:12 - 2011-06-07 10:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 19:00 - 2013-01-04 08:34 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-12 19:00 - 2010-04-20 17:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-08 09:55 - 2010-02-11 21:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 08:42 - 2014-06-24 20:45 - 00000000 ____D () C:\Users\Bly4\AppData\Roaming\TS3Client
2015-01-08 00:25 - 2009-07-13 21:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 13:44 - 2009-07-13 21:13 - 00788704 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 12:29 - 2009-12-24 09:40 - 00000000 ____D () C:\Users\Bly4\AppData\Local\Adobe
2014-12-30 12:15 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-30 12:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-30 11:47 - 2010-11-20 10:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-30 11:41 - 2013-12-13 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-26 23:31 - 2013-12-31 14:48 - 00000000 ____D () C:\Users\Bly4\AppData\Roaming\.minecraft
2014-12-22 18:41 - 2010-05-30 21:05 - 00000000 ____D () C:\Users\Bly4\Documents\Ghislaine

==================== Files in the root of some directories =======
2014-05-19 17:47 - 2014-10-20 16:59 - 0002475 _____ () C:\Users\Bly4\AppData\Roaming\SAS7_000.DAT
2009-12-21 16:25 - 2012-08-28 21:28 - 0006366 _____ () C:\Users\Bly4\AppData\Roaming\wklnhst.dat
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\AtStart.txt
2013-09-18 09:57 - 2013-09-18 09:59 - 0031186 _____ () C:\Users\Bly4\AppData\Local\c4u.log
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\DSwitch.txt
2010-01-07 20:56 - 2013-09-18 10:13 - 0553368 _____ () C:\Users\Bly4\AppData\Local\installer.log
2014-06-01 11:06 - 2014-06-01 11:06 - 0000000 ___SH () C:\Users\Bly4\AppData\Local\LumaEmu
2011-11-29 20:37 - 2011-11-29 21:23 - 0000600 _____ () C:\Users\Bly4\AppData\Local\PUTTY.RND
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\QSwitch.txt
2013-06-11 18:47 - 2014-03-27 19:42 - 0007616 _____ () C:\Users\Bly4\AppData\Local\Resmon.ResmonCfg
2010-07-10 20:57 - 2010-07-10 20:57 - 0000000 _____ () C:\Users\Bly4\AppData\Local\Rwocejopev.bin
2010-04-26 19:28 - 2010-04-26 19:28 - 2184414 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 006.0
2010-04-26 19:28 - 2010-04-26 19:28 - 1586997 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 007.0
2010-04-26 19:28 - 2010-04-26 19:28 - 0353853 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 007.JPG
2010-04-26 19:29 - 2010-04-26 19:29 - 1882736 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008.0
2010-04-26 19:29 - 2010-04-26 19:29 - 0411955 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008.JPG
2010-04-26 19:30 - 2010-04-26 19:30 - 0008256 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008_navi.JPG
2010-04-26 19:24 - 2010-04-26 19:24 - 2224809 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 013.0
2010-04-26 19:24 - 2010-04-26 19:24 - 1201983 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 013.JPG
2010-04-26 19:30 - 2010-04-26 19:31 - 2144837 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014.0
2010-04-26 19:31 - 2010-04-26 19:31 - 0865109 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014.JPG
2010-04-26 19:30 - 2010-04-26 19:31 - 0013728 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014_navi.JPG
2010-04-26 20:48 - 2010-04-26 20:48 - 2245533 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 029.JPG
2010-04-26 20:48 - 2010-04-26 20:48 - 0015205 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 029_navi.JPG
2010-03-21 19:22 - 2010-03-21 19:22 - 2178259 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 048.0
2010-03-21 19:22 - 2010-03-21 19:22 - 0823601 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 048.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 2339732 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.0
2011-03-19 09:35 - 2011-03-19 09:35 - 1153278 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0011585 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580_navi.JPG
2011-03-19 09:34 - 2011-03-19 09:34 - 2107746 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.0
2011-03-19 09:35 - 2011-03-19 09:34 - 0814227 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.1
2011-03-19 09:35 - 2011-03-19 09:35 - 0814263 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.2
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.3
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0010588 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581_navi.JPG
2011-03-19 09:33 - 2011-03-19 09:37 - 2152508 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.0
2011-03-19 09:37 - 2011-03-19 09:37 - 0834317 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.JPG
2011-03-19 09:37 - 2011-03-19 09:37 - 0013189 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582_navi.JPG
2010-11-26 21:20 - 2010-11-26 21:20 - 0674933 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.0
2010-11-26 21:21 - 2010-11-26 21:20 - 0176681 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.JPG
2010-11-26 21:21 - 2010-11-26 21:21 - 0691040 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.0
2010-11-26 21:21 - 2010-11-26 21:21 - 0186674 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.JPG
2010-11-26 21:23 - 2010-11-26 21:23 - 0700418 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.0
2010-11-26 21:23 - 2010-11-26 21:23 - 0174107 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.JPG
2010-07-10 20:57 - 2010-07-10 20:57 - 0000120 _____ () C:\Users\Bly4\AppData\Local\Vjagesikomejes.dat
2013-02-03 23:14 - 2013-02-10 16:58 - 0000105 _____ () C:\Users\Bly4\AppData\Local\ZDManager.ini
2009-12-13 15:52 - 2015-01-16 15:51 - 0000281 _____ () C:\ProgramData\HPWALog.txt
2010-10-09 21:48 - 2013-02-24 12:44 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-04-14 10:55 - 2014-04-14 18:46 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-04-25 13:41 - 2013-04-25 13:41 - 0010305 _____ () C:\ProgramData\regid.2002-03.com.schoolhousetech_FCA4358D-CA55-4EC6-8FED-5921CD3CBB06.swidtag
2009-08-25 01:14 - 2009-08-25 01:14 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-09 00:34 - 2009-08-09 00:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-25 01:13 - 2009-08-25 01:13 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-09 00:29 - 2009-08-09 00:30 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-25 01:13 - 2009-08-25 01:13 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-25 01:14 - 2009-08-25 01:14 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-09 00:28 - 2009-08-09 00:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-09 00:30 - 2009-08-09 00:34 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-25 01:14 - 2009-08-25 01:14 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\cd1\setup.exe
C:\Users\crack\keygen.bat
C:\Users\crack\lic.dat
C:\Users\crack\ptcrypt.exe

Some content of TEMP:
====================
C:\Users\Bly4\AppData\Local\Temp\bpuninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-16 12:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Bly4 at 2015-01-17 15:03:21
Running from C:\Users\Bly4\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Action Replay Code Manager (HKLM-x32\...\Action Replay Code Manager_is1) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Any Video Converter 3.0.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcadeWeb (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\AWSoftware) (Version: 1.0 - )
ATI Catalyst Install Manager (HKLM\...\{83715090-142B-D305-36EC-7538A007D336}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
BitTorrent (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\BitTorrent) (Version: 7.9.2.33884 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
CodeStuff Starter (HKLM-x32\...\CodeStuff Starter) (Version: 5.6.2.9 - CodeStuff)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
Costco Photo Organizer (HKLM-x32\...\{788B97E8-D825-419A-8558-1C0B344C5371}) (Version: 1.5.0.102 - Costco Wholesale Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Elgato Game Capture HD (HKLM-x32\...\{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}) (Version: 1.42.24.539 - Elgato Systems GmbH)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
EPSON Artisan 50 Series Printer Uninstall (HKLM\...\EPSON Artisan 50 Series) (Version:  - SEIKO EPSON Corporation)
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.22 - Philipp Winterberg)
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Horizon v2.8.0.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.0.1 - Daring Development Inc.)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6230.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Juniper Networks Cache Cleaner 6.4.0 (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Juniper_Networks_Cache_Cleaner 6.4.0) (Version: 6.4.0.14619 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Neoteris_Host_Checker) (Version: 6.4.0.14619 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Juniper_Setup_Client) (Version: 2.0.2.5977 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
KODAK All-in-One Printer Software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Marble Blast Gold (remove only) (HKLM-x32\...\MarbleBlastGoldYahoo) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight Free Download Packages (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Microsoft Silverlight Free Download Packages) (Version:  - ) <==== ATTENTION
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
netbrdg (x32 Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.5615 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.10.2 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuizCreator Free (HKLM-x32\...\Wondershare QuizCreator Free (Build 4.5.0)_is1) (Version:  - Wondershare Software)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RivalGaming (HKLM-x32\...\RivalGaming) (Version:  - RivalGaming) <==== ATTENTION!
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Schoolhouse Test 3 (HKLM-x32\...\{5B7A023B-5391-4157-992B-B3E8805955D5}) (Version: 3.1.17.1 - Schoolhouse Technologies)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SFR (x32 Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
SolidWorks 2006 SP0 (HKLM-x32\...\{984B44FD-953F-4176-BE74-421B00ED71C5}) (Version: 14.1.0011 - SolidWorks)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Letter Linker (HKLM-x32\...\am-superletterlinker) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.11 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

30-12-2014 11:10:17 Windows Update
05-01-2015 14:37:06 Windows Update
16-01-2015 12:26:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2011-07-29 20:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {029ED49E-66AD-4672-AC2D-961E983F724E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-439321651-4069142202-3324294406-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0384559A-8A74-4C1B-BA21-8F9D93267F1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
Task: {03EFF395-79EA-4E75-92C3-D8226E691B0D} - \ASP No Task File <==== ATTENTION
Task: {11665884-73A2-40C4-A1A5-BB9CF0BE2D2A} - System32\Tasks\HPCeeScheduleForBly4 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {12BB4F89-AA2E-4BFF-A960-908593B23183} - System32\Tasks\{DD1A889D-7C86-4189-9EC6-19B9995E550E} => pcalua.exe -a C:\Users\Bly4\Desktop\setup_prevent_restore.exe -d C:\Users\Bly4\Desktop
Task: {1CC7F785-71E4-4582-95EC-3F568A5A38F2} - System32\Tasks\{846AF9D6-F471-42E8-B516-6149C1375CAA} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {1D0F43D1-39CA-432F-817C-CE88770F13DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {25DCCA2C-9A97-46F4-9628-123C1FF19CFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {28F14300-2E89-44AD-BCDB-BEA83C749DFA} - \RocketTab No Task File <==== ATTENTION
Task: {2F5470C4-21A7-456B-9ECA-0FEA95D4CBC3} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: {3CB434F1-FCDE-4D49-9DA7-478640581DBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {41F6499F-9F35-434A-89CA-A5247CCA115F} - System32\Tasks\{16B295D5-E1FF-45C2-8E2F-2BF540475A09} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {49B3DFEF-F59E-4AD9-8EC6-6EEAF10BCFB0} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {4A5E6E71-2DEE-4DA4-B2BC-17BAE3AF0C64} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4C03242F-B6C7-46C6-A361-B2F61C26BE69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4F7B6A66-90F6-4F5D-A325-1E07A2448154} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {517F3BD6-B521-4387-866C-1D65ACD4D5BB} - System32\Tasks\{3ECD99B3-5DD0-4C16-817B-C79782832B02} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {5A6E45FA-3B9D-46C6-BB77-25F4932C707C} - System32\Tasks\{9BB352E8-A829-4590-8BC9-E567310EEEF6} => pcalua.exe -a F:\setup_prevent_restore.exe -d C:\Users\Bly4\Desktop
Task: {5C32BF33-00ED-452C-8E35-7B66247F4C68} - System32\Tasks\{B6CFB258-569C-43E6-81C3-EBDF9F418F29} => pcalua.exe -a "C:\Program Files (x86)\SpeedBit Video Downloader\GRRemove.exe" -d "C:\Program Files (x86)\SpeedBit Video Downloader"
Task: {5E2E4295-6A11-4C9F-84CE-404FC136839B} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {5F8F556E-384F-45EE-ADF1-BD0230514B3C} - System32\Tasks\{872C817F-64B0-42C7-9FAF-597F5FAE1833} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {660C6DDA-6491-427D-99F8-4387F5CC2BC9} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {6CD138C1-FF04-4D64-A346-4FEE5E79945B} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {6CE010F2-D4B8-4BE1-B064-036719EAA7D4} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {6F45771C-D689-4BB1-B47A-FD4C4B8FFC52} - \Dealply No Task File <==== ATTENTION
Task: {739A8A60-0E38-4965-BC8A-5DF2CC58534D} - System32\Tasks\{4C21EE64-5D9B-49F7-8AA4-19131D894002} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {7840D115-E995-4E18-BE64-99C272BFD4A5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {81423BA7-4F37-469D-B3D7-A2E4813350A4} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {81A4FFAE-A1CD-4227-B87A-E886EB6A9D8D} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {873D2E51-7E5F-4EBB-AE5D-ADC8E0B66621} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8A54A360-49F5-41B1-88B6-61E8BD5F873A} - System32\Tasks\{626267D1-3E9D-4C24-A7D0-C2503116774E} => C:\Users\Bly4\Desktop\minecraft.jar\mods\BestCodecsPackSetup.exe
Task: {906ED6D2-1207-490C-B381-7B144A13C8D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {909F34E4-FCC1-4619-8482-DBE86ED8211D} - System32\Tasks\{D353CE84-B85B-4DB8-8C30-C4CE415A6E39} => pcalua.exe -a "C:\Users\Bly4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QRJP7RE\yahoo_marbleblastgold_tm1-1[1].exe" -d C:\Users\Bly4\Desktop
Task: {97F6852F-BB93-4610-8FFC-7676F21F8D88} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9A51BF9D-2C76-40C1-85C5-E0A2E5EF4C65} - System32\Tasks\{75748995-CEC6-41E8-A4D1-1A2EBCB10104} => pcalua.exe -a E:\SOLIDWORKS_V2006\legend.exe -d E:\SOLIDWORKS_V2006
Task: {9CE90578-D6BE-4407-89C8-B18B21F9DBBA} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {9E93F8EE-0044-47A9-B0AC-A0DE035D162B} - System32\Tasks\{019D4A2C-5344-4A23-ABBA-DF7349A90D2B} => C:\Users\Bly4\Desktop\minecraft.jar\mods\BestCodecsPackSetup.exe
Task: {C1F5F45E-349A-4341-85D8-C1EB74ED63F9} - System32\Tasks\{4459E44D-CA78-44C2-BD25-2ACC900298F3} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {CBA25F96-DAED-4DB6-9B3D-D25750DACB84} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {CC5D91DD-DB75-46B9-8684-DFE6F4905BE9} - System32\Tasks\{C4AFC609-14C7-4E5C-9943-683BA535F933} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {CF7DAB50-9D60-4E95-8182-E2BDF5876159} - System32\Tasks\{1F086DD4-B6ED-4C8D-BF40-3C2FCC68FD3F} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {D838B64B-3912-49BC-AD87-EE46A5498564} - System32\Tasks\{F2FA5244-0C71-4F70-9A62-E2AB2BB687F2} => C:\Program Files (x86)\Marble Blast Gold\MarbleBlast.exe [2003-07-25] ()
Task: {D893E5E8-52CD-49BE-949D-AADC37BC8369} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {E7A12C8E-EB96-4021-B639-FEE99C14B021} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {EAF335B7-8A7D-4AE9-BE18-B1741114842E} - System32\Tasks\{B3A5E6DF-D253-4ED6-A2E2-777150642FAD} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {EC782F52-0A69-407C-9333-070A17B74130} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {ED921852-EE49-4AD2-BD9D-2E91486C2545} - System32\Tasks\CIMT_S-1-5-21-439321651-4069142202-3324294406-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {F1CADD5C-5C43-48E4-938C-42ECA03917F2} - System32\Tasks\4528 => Wscript.exe C:\Users\Bly4\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {F405895F-56CE-4E8B-B39E-C7820229194D} - System32\Tasks\{DF15CA10-27AD-487A-8CFC-695CAB0280D2} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {F64F65CC-BD86-4D3E-8CEB-EEC19C9D049C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F805F1AA-B444-423F-848C-6E7C8A69629F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F8DCA56E-48D0-47EB-96DE-905D4FD57B9F} - System32\Tasks\{BA0A9722-4EA2-4D8A-AD54-55C75BAB9FA6} => C:\Program Files (x86)\Marble Blast Gold\MarbleBlast.exe [2003-07-25] ()
Task: {F9550745-2E20-4F8B-8084-04407A64DEC6} - \MySearchDial No Task File <==== ATTENTION
Task: {FAB749D3-B88B-4BB6-BC98-4B00D4DEBCA8} - System32\Tasks\{0D069FBF-BA03-4108-9604-F3824B435170} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {FD792E21-E467-4F98-BAC9-ED78DDCD26CC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-439321651-4069142202-3324294406-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FFB70D58-C9DE-49BA-BA8A-C512632E4A64} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-439321651-4069142202-3324294406-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBly4.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe

==================== Loaded Modules (whitelisted) =============

2014-04-12 23:40 - 2014-04-12 23:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-08-09 00:34 - 2009-01-21 10:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-23 01:10 - 2014-05-23 01:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2009-07-21 09:34 - 2009-07-21 09:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-07-01 14:44 - 2009-07-01 14:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2015-01-15 19:07 - 2015-01-15 19:07 - 02910720 _____ () C:\Program Files\Alwil Software\Avast5\defs\15011502\algo.dll
2015-01-17 13:14 - 2015-01-17 13:14 - 02911744 _____ () C:\Program Files\Alwil Software\Avast5\defs\15011701\algo.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-11 10:59 - 2010-04-11 10:59 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-11 10:59 - 2010-04-11 10:59 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-04-04 17:03 - 2011-04-04 17:03 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-11-21 19:07 - 2014-11-21 19:07 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-07-23 10:37 - 2009-07-23 10:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3
MSCONFIG\startupfolder: C:^Users^Bly4^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1421377726
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_76C729D2CF1D184427F8EA5874136251 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: HPCam_Menu => "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LTCM Client => C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PureLeads Tray => "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Users\Bly4\Desktop\steam\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtection => "C:\Users\Bly4\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Bly4\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Bly4\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
MSCONFIG\startupreg: uTorrent => "C:\Users\Bly4\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-439321651-4069142202-3324294406-500 - Administrator - Disabled)
Bly4 (S-1-5-21-439321651-4069142202-3324294406-1000 - Administrator - Enabled) => C:\Users\Bly4
Guest (S-1-5-21-439321651-4069142202-3324294406-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-439321651-4069142202-3324294406-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 07:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c
Faulting module name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c
Exception code: 0xc0000005
Fault offset: 0x0002b78a
Faulting process id: 0xc38
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3

Error: (01/16/2015 00:41:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (01/17/2015 01:14:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E225E692-4B47-4777-9BED-4FD7FE257F0E}

Error: (01/17/2015 01:14:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdatem) service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/15/2015 10:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (01/15/2015 10:04:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Microsoft Office Sessions:
=========================
Error: (01/16/2015 07:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpasset.exe3.0.3.15202c98chpasset.exe3.0.3.15202c98cc00000050002b78ac3801d03209f90ef876C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe3acb3708-9dfd-11e4-a17f-00269e8c030e

Error: (01/16/2015 00:41:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe

CodeIntegrity Errors:
===================================
  Date: 2011-07-29 21:08:23.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-29 21:08:23.683
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 65%
Total physical RAM: 4063.19 MB
Available physical RAM: 1404 MB
Total Pagefile: 8124.55 MB
Available Pagefile: 5285.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.62 GB) (Free:165.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.95 GB) (Free:2.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CF892B78)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


Edited by fredII, 17 January 2015 - 05:12 PM.



#2 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 17 January 2015 - 07:12 PM

Hello, fredII.

My name is fbfbfb. I will gladly assist you with your concerns.

While working to resolve the issues with your machine, please follow these guidelines:

  • Please be patient. Logs are lengthy and can take time to analyze.
  • Read and follow my directions carefully, in the sequence they are posted.
  • If you are unsure about anything, please ask for clarification before continuing.
  • Use only those tools that you have been directed to use.
  • Do not install or uninstall any applications or run any other scans without being directed to do so.
  • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
  • Stay with me until your machine has been deemed all clear, otherwise, your computer will most likely still be infected.
  • Please reply within 3 days of each posting to avoid closing this topic. If you need more time to complete tasks, or if you will be away, please let me know in advance.

Please run the following scan
 
CKSCANNER
 
Download CKScanner from HERE and save it to your Desktop.

  • Double-click CKScanner.exe > Click Search For Files.

Note: For Vista, Windows 7, or Windows 8, right-click the CKScanner.exe icon > Choose Run As Administrator > Click Search For Files.

  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.  Please run this program only once.
  • Double-click the CKFiles.txt icon on your desktop > Copy/paste the contents into your next reply.


#3 fredII

Posted 17 January 2015 - 09:32 PM

Nice to meet you bfbfbf.  I ran CKScanner as requested and here are the results:

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_zh-cn\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_zh-hk\sounds\firecrackle.ogg
c:\program files (x86)\hp games\word symphony\resources\ball\eggcrack.wjp
c:\program files (x86)\hp games\word symphony\resources\ball\eggcrack_a.wjp
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe.config
c:\users\crack\keygen.bat
c:\users\crack\lic.dat
c:\users\crack\ptcrypt.exe
c:\users\crack\readme.txt
scanner sequence 3.FI.11.SDNAXZ
 ----- EOF -----

Thanks, Fred
 



#4 fbfbfb

Posted 18 January 2015 - 04:23 PM

Hello, fredII.
 
Thank you for your CKScanner log.
 
After reviewing your FRST log, I see you have P2P software (BitTorrent) installed on your machine.  We are not here to pass judgment on file-sharing as a concept.  However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections.  It likely contributed to your current situation.
 
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe.  You will be sharing files from uncertified sources, and these are often infected.  The bad guys use P2P filesharing as a major conduit to spread their wares. 
 
Please see this topic for more information:  What You Need To Know About Peer-to-Peer File Sharing.

 

I would strongly recommend that you uninstall this now. You can do so via Control Panel > Programs and Features.
 
Please run the following scans

1.  AdwCleaner

We will be running this cleaner in 2 parts.  The first time you run it, please scan only and send me the log.  We will rerun it again later to clean.

Please download AdwCleaner from HERE.

  • Double click on adwcleaner.exe. Note: Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

2.  Junkware Removal Tool (JRT)
 
Please download Junkware Removal Tool from HERE and save it to your desktop.

  • Shutdown your antivirus to avoid any potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

3.  Malwarebytes Anti-Malware (MBAM)
 
Download MBAM from HERE > Save it to your Desktop.
Note:

  • Windows XP > Double click on the icon to run it.
  • Windows Vista, Windows 7 and 8 > Right-click and select Run As Administrator.

  • On the Dashboard, click Update Now.
  • Click the Settings tab > Click Detection and Protection.
  • Under Non-Malware Protection, make sure that both PUP and PUM are set to show Treat Detections as Malware.
  • Click Advanced Settings > Check mark Automatically Quarantine Detected Items.
  • On the Dashboard, click Scan.
  • Select Threat Scan > Click Scan Now.
  • When the scan is finished and the log pops up, select Copy to Clipboard.
  • Please paste the log into your next reply.
  • Exit Malwarebytes.

4.  Security Check

  • Download Security Check from HERE.
  • Save it to your desktop.
  • Double-click SecurityCheck.exe > Follow the onscreen instructions inside the black box.
  • In the event you get the message Unsupported operating system. Aborting now., reboot and try again.
  • A Notepad document should open automatically called checkup.txt.  This may take a few minutes.  Please copy and paste the contents of that document into your next reply.

CHECKLIST : In your next reply, please post the following:

  • AdwCleaner[R0].txt
  • JRT.txt
  • MBAM log
  • checkup.txt


#5 fredII

Posted 18 January 2015 - 09:51 PM

First and foremost, I apologize for the dyslexic spelling of your name.  I should know better given my initials are fb.  I thought you'd catch the bittorrent program.  It's one of those things I was thinking of trying but have always backed off of doing because of viruses and malware so it's never been used.  I'll delete it.

 

Second, I tried to download adwcleaner from "here".  It went to bleepingcomputer (which I trust) but my Avast sees it as "win32:Evo-gen[susp]" and automatically puts it in the chest.  I eventually right clicked on the "download" button anyway (in bleeping computer) and it says it uses InstallIQ and in a 7zip file and after a minute it says "this webpage not found".

 

I'm stuck at this point from this source, or I need to shut off Avast and try again.  I was using right click to find "run as administrator" which I don't find. I know we need to run your to-do list in order so I'll await instructions.

 

Thanks, Fred



#6 fbfbfb

Posted 19 January 2015 - 04:55 PM

Hello, fredII.
 
No problem with the spelling of my forum name!  You can abbreviate me to fb -- much easier.
 
When downloading AdwCleaner, you will be directed to Bleeping Computer, a very trusted site.  Some anti-virus programs will target legitimate programs as they are viewed as infectious.  Please try the following, and hopefully, everything should work for you:

  • Disable your anti-virus while downloading and installing AdwCleaner, then re-enable when finished.
  • Instead of running the program as "administrator," double-click the icon to launch the program.
  • If you are still having difficulty, please download and install the program in Safe Mode.  If you are not familiar with Safe Mode, please do this:

 

  • Shut off your computer > Restart.
  • As soon as the computer starts to boot-up, tap the F8 key somewhat rapidly--this will bring up the Advanced Boot Options screen.
     



     
  • Use the Up and Down arrow keys to scroll up to Safe Mode with Networking.
  • Then press the Enter key on your keyboard.
  • Wait for Windows 7 Files to load.
  • Log into your account as you normally do.

 

 



#7 fredII

Posted 19 January 2015 - 09:18 PM

fb, did as required and here's the AdwCleaner report:

 

# AdwCleaner v4.108 - Report created 19/01/2015 at 18:24:22
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bly4 - BLY4-PC
# Running from : C:\Users\Bly4\Videos\Desktop\AdwCleaner (2).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Bly4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Found : C:\Users\Bly4\daemonprocess.txt
File Found : C:\Users\Bly4\Videos\Desktop\SPEEDbit Video Downloader.lnk
File Found : C:\Windows\System32\log\iSafeKrnlCall.log
Folder Found : C:\Program Files (x86)\Mobogenie
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\Speedbit Video Downloader
Folder Found : C:\Program Files (x86)\v-Grabber
Folder Found : C:\Program Files (x86)\YTDownloader
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Found : C:\ProgramData\Updater
Folder Found : C:\Users\Bly4\AppData\Local\CrashRpt
Folder Found : C:\Users\Bly4\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\Bly4\AppData\Local\genienext
Folder Found : C:\Users\Bly4\AppData\Local\Mobogenie
Folder Found : C:\Users\Bly4\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Bly4\AppData\Roaming\iSafe
Folder Found : C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
Folder Found : C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Found : C:\Users\Bly4\AppData\Roaming\SmartPCFix
Folder Found : C:\Users\Bly4\AppData\Roaming\Systweak
Folder Found : C:\Users\Bly4\Documents\Mobogenie

***** [ Scheduled Tasks ] *****

Task Found : ASP
Task Found : Dealply
Task Found : LaunchSignup
Task Found : MySearchDial
Task Found : ProgramUpdateCheck
Task Found : RocketTab Update Task
Task Found : RocketTab
Task Found : Smp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Found : HKCU\Software\Define Ext
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C974C8A-AF04-4433-8C77-7D142A55A210}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A39B26C5-462A-4C26-B376-6158F7EBD95E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB7E4686-A426-46DF-BDCE-C933377F0475}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\SBConvert
Key Found : HKCU\Software\Search Extensions
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\usyndication.com
Key Found : HKCU\Software\YTDownloader
Key Found : [x64] HKCU\Software\Bitberry
Key Found : [x64] HKCU\Software\Define Ext
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C974C8A-AF04-4433-8C77-7D142A55A210}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A39B26C5-462A-4C26-B376-6158F7EBD95E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB7E4686-A426-46DF-BDCE-C933377F0475}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\SBConvert
Key Found : [x64] HKCU\Software\Search Extensions
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\YTDownloader
Key Found : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Found : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Key Found : HKLM\SOFTWARE\Define Ext
Key Found : HKLM\SOFTWARE\firstsearch
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\LookSafe
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BEC2075C-8E0A-4EB6-8D5D-A840665B39C9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\YTDownloader
Key Found : [x64] HKLM\SOFTWARE\YTDownloader
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v39.0.2171.99

*************************

AdwCleaner[R0].txt - [24244 octets] - [05/02/2014 18:56:21]
AdwCleaner[R1].txt - [13543 octets] - [19/01/2015 18:24:22]
AdwCleaner[S0].txt - [23359 octets] - [05/02/2014 19:19:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [13665 octets] ##########

 

 

Here's the JRT report:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bly4 on Mon 01/19/2015 at 18:49:17.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webconnect
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022442279}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322962282}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022442279}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322962282}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WebConnect_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WebConnect_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WebConnect_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WebConnect_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\WebConnect_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\WebConnect_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\WebConnect_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\WebConnect_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C974C8A-AF04-4433-8C77-7D142A55A210}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A39B26C5-462A-4C26-B376-6158F7EBD95E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB7E4686-A426-46DF-BDCE-C933377F0475}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BEC2075C-8E0A-4EB6-8D5D-A840665B39C9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BEC2075C-8E0A-4EB6-8D5D-A840665B39C9}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Bly4\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Users\Bly4\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Bly4\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Bly4\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Users\Bly4\appdata\local\genienext"
Failed to delete: [Folder] "C:\Users\Bly4\appdata\local\mobogenie"
Successfully deleted: [Folder] "C:\Users\Bly4\appdata\locallow\surfcanyon"
Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"
Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
Successfully deleted: [Folder] "C:\Program Files (x86)\rivalgaming"
Successfully deleted: [Folder] "C:\Program Files (x86)\v-grabber"
Successfully deleted: [Folder] "C:\Users\Bly4\AppData\Roaming\microsoft\windows\start menu\programs\vgrabber"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\ProgramData\ask"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/19/2015 at 18:57:07.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I'll send the MBAM and other reports in another reply.



#8 fredII

Posted 19 January 2015 - 10:37 PM

Fb, here's the MBAM report;  There was one that was labeled as a PUP, the Sony Vegas Pro zip file.  This is a legitimate software for recording that I want to keep.  I did NOT quarantine it.  Need advisement on this.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/19/2015
Scan Time: 7:27:43 PM
Logfile: MBAM_scan_1_19_2015.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.20.02
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bly4

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423725
Time Elapsed: 28 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Riskware.Patcher, C:\Users\Bly4\Videos\Desktop\recording\Sony Vegas Pro 13 Patch.zip, , [73dee215d5b4201677f5939161a07b85],
PUP.Optional.ConsumerInput.A, C:\Windows\Tasks\CIMT_S-1-5-21-439321651-4069142202-3324294406-1000.job, , [2031748320691026d3e6e1191de7ed13],
PUP.Optional.ConsumerInput.A, C:\Windows\System32\Tasks\CIMT_S-1-5-21-439321651-4069142202-3324294406-1000, , [cc857483bdcc211518a21edcd92b8a76],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Here's the security checkup report:

 

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Adobe Reader XI 
 Google Chrome (39.0.2171.95)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent```````` 
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

Thanks, Fred
 



#9 fbfbfb


Posted 20 January 2015 - 07:41 PM

Hello, fredII.

 

Thank you for your logs.  Can you please tell me if your Sony Vegas Pro is a purchased copy? 

 

Please run the following scans

 

1.  AdwCleaner

 

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.  Farbar Recovery Scan Tool (FRST)

 

Please rescan your computer with FRST and send me a fresh log.

 

CHECKLIST : In your next reply, please post the following:

  • AdwCleaner[S0].txt
  • FRST.txt
  • Let me know how your computer is running at this stage.


#10 fredII


Posted 20 January 2015 - 11:32 PM

Hi fb, I ran both programs and here are the reports:

 

# AdwCleaner v4.108 - Report created 20/01/2015 at 19:35:05
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bly4 - BLY4-PC
# Running from : C:\Users\Bly4\Videos\Desktop\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files (x86)\Speedbit Video Downloader
Folder Deleted : C:\Program Files (x86)\YTDownloader
Folder Deleted : C:\Users\Bly4\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Bly4\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Bly4\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Bly4\AppData\Roaming\SmartPCFix
Folder Deleted : C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Deleted : C:\Users\Bly4\Documents\Mobogenie
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\Bly4\daemonprocess.txt
File Deleted : C:\Users\Bly4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Deleted : C:\Users\Bly4\Videos\Desktop\SPEEDbit Video Downloader.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : ASP
Task Deleted : Dealply
Task Deleted : LaunchSignup
Task Deleted : MySearchDial
Task Deleted : ProgramUpdateCheck
Task Deleted : RocketTab Update Task
Task Deleted : RocketTab
Task Deleted : Smp

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Bly4\Videos\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Bly4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Bly4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Bly4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BEC2075C-8E0A-4EB6-8D5D-A840665B39C9}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SBConvert
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\YTDownloader
Key Deleted : HKCU\Software\Define Ext
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\firstsearch
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\LookSafe
Key Deleted : HKLM\SOFTWARE\YTDownloader
Key Deleted : HKLM\SOFTWARE\Define Ext
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v39.0.2171.99

*************************

AdwCleaner[R0].txt - [24244 octets] - [05/02/2014 18:56:21]
AdwCleaner[R1].txt - [13970 octets] - [19/01/2015 18:24:22]
AdwCleaner[R2].txt - [12197 octets] - [20/01/2015 19:23:52]
AdwCleaner[S0].txt - [23359 octets] - [05/02/2014 19:19:14]
AdwCleaner[S1].txt - [12706 octets] - [20/01/2015 19:35:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12767 octets] ##########

 

FRST files:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Bly4 (administrator) on BLY4-PC on 20-01-2015 19:55:57
Running from C:\Users\Bly4\Videos\Desktop
Loaded Profiles: Bly4 (Available profiles: Bly4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Run: [GoogleChromeAutoLaunch_76C729D2CF1D184427F8EA5874136251] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52684;https=127.0.0.1:52684
ProxyServer: [S-1-5-21-439321651-4069142202-3324294406-1000] => http=127.0.0.1:49167;https=127.0.0.1:49167
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> DefaultScope {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3368DA14-5819-46BD-98BB-417DB755C16F} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM-x32 - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/pcpitstop.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse...zylomplayer.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...Installer64.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn2.safelnk...SetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: npDisplayEngine -> C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-439321651-4069142202-3324294406-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bly4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension:  RivalGaming  - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-01-15]
FF Extension:  LivingPlay TextLinks   - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com [2011-08-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
FF HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Firefox\Extensions: [{BD20A947-EF74-4633-A96A-84D2F26A4812}] - C:\Users\Bly4\AppData\Local\{BD20A947-EF74-4633-A96A-84D2F26A4812}

Chrome:
=======
CHR Profile: C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-31]
CHR Extension: (YouTube) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]
CHR Extension: (Gmail) - C:\Users\Bly4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-17] (Comodo Security Solutions, Inc.)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 19:52 - 2015-01-20 19:52 - 00415232 _____ (Farbar) C:\Users\Bly4\Downloads\FSS.exe
2015-01-19 22:06 - 2015-01-19 22:06 - 00231760 _____ () C:\Users\Bly4\Downloads\CrucialScan.exe
2015-01-19 20:16 - 2015-01-19 20:16 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-439321651-4069142202-3324294406-1000
2015-01-19 18:57 - 2015-01-19 18:57 - 00030059 _____ () C:\Users\Bly4\Desktop\JRT.txt
2015-01-19 18:49 - 2015-01-19 18:49 - 00000000 ____D () C:\Windows\ERUNT
2015-01-18 19:59 - 2015-01-18 19:59 - 00000000 _____ () C:\Users\Bly4\Downloads\AdwCleaner (1).exe.pxyb5uf.partial
2015-01-18 19:34 - 2015-01-18 19:34 - 00000000 _____ () C:\Users\Bly4\Downloads\AdwCleaner.exe.j7mz1u4.partial
2015-01-17 19:09 - 2015-01-17 19:09 - 00468480 _____ () C:\Users\Bly4\Downloads\CKScanner.exe
2015-01-17 15:03 - 2015-01-17 15:04 - 00046386 _____ () C:\Users\Bly4\Downloads\Addition.txt
2015-01-17 15:01 - 2015-01-17 15:04 - 00057974 _____ () C:\Users\Bly4\Downloads\FRST.txt
2015-01-17 14:59 - 2015-01-20 19:56 - 00000000 ____D () C:\FRST
2015-01-17 13:20 - 2015-01-17 13:21 - 05198336 _____ (AVAST Software) C:\Users\Bly4\Downloads\aswMBR (1).exe
2015-01-17 13:19 - 2015-01-17 13:19 - 05198336 _____ (AVAST Software) C:\Users\Bly4\Downloads\aswMBR.exe.bln7zz4.partial
2015-01-15 22:05 - 2015-01-19 20:16 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-439321651-4069142202-3324294406-1000
2015-01-15 22:02 - 2015-01-20 19:37 - 00004786 _____ () C:\Windows\PFRO.log
2015-01-15 22:02 - 2015-01-15 22:03 - 05149528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 20:19 - 2015-01-15 20:19 - 00143792 _____ () C:\Users\Bly4\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 19:28 - 2015-01-20 19:55 - 00003472 _____ () C:\Windows\setupact.log
2015-01-15 19:28 - 2015-01-15 19:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 14:37 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-05 14:37 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-30 12:34 - 2014-12-30 12:34 - 00000000 __SHD () C:\Users\Bly4\AppData\Local\EmieBrowserModeList
2014-12-30 11:08 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-30 11:08 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-30 11:08 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-30 11:08 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-30 11:08 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-30 11:08 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-30 11:08 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-30 11:08 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-30 11:08 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-30 11:08 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-30 11:08 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-30 11:08 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-30 11:08 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-30 11:08 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-30 11:08 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-30 11:08 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-30 11:08 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-30 11:08 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-30 11:08 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-30 11:08 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-30 11:08 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-30 11:08 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-30 11:08 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-30 11:08 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-30 11:08 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-30 11:08 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-30 11:08 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-30 11:08 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-30 11:08 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-30 11:08 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-30 11:08 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-30 11:08 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-30 11:08 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-30 11:08 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-30 11:08 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-30 11:08 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-30 11:08 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-30 11:08 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-30 11:08 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-30 11:08 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-30 11:08 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-30 11:08 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-30 11:08 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-30 11:08 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-30 11:08 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-30 11:08 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-30 11:08 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-30 11:08 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-30 11:08 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-30 11:08 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-30 11:08 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-30 11:08 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-30 11:08 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-30 11:08 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-30 11:07 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-30 11:07 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-30 11:07 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-30 11:07 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-30 11:07 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-30 11:07 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-30 11:07 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-30 11:07 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-12-30 11:07 - 2014-08-28 18:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-30 11:07 - 2014-08-28 18:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-30 11:07 - 2014-08-28 17:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-30 11:07 - 2014-08-28 17:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-30 11:07 - 2014-08-28 17:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-30 11:07 - 2014-08-28 17:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-30 11:06 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-30 11:06 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-30 11:06 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-30 11:06 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-30 11:06 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-30 11:05 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-30 11:05 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-30 11:05 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-30 11:05 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-30 11:05 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-30 11:05 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-30 11:05 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-30 11:05 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-30 11:05 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-30 11:05 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-30 11:05 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-30 11:05 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-30 11:05 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-30 11:04 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-30 11:04 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-30 11:02 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-30 11:02 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-30 10:59 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-30 10:59 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-30 10:59 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-30 10:59 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-30 10:59 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-30 10:59 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-30 10:58 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-30 10:58 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-30 10:57 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-30 10:57 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-30 10:57 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-30 10:26 - 2014-12-30 10:26 - 00000000 __SHD () C:\found.004

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 19:45 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:45 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:43 - 2009-08-25 00:30 - 02037543 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 19:37 - 2013-02-03 22:50 - 00000412 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-01-20 19:37 - 2012-07-11 17:55 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-01-20 19:37 - 2010-06-03 20:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 19:37 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 19:35 - 2014-05-03 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-20 19:35 - 2014-02-05 18:56 - 00000000 ____D () C:\AdwCleaner
2015-01-20 19:35 - 2013-12-11 20:32 - 00000000 ____D () C:\Windows\system32\log
2015-01-20 19:35 - 2009-12-13 15:52 - 00000947 _____ () C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 19:35 - 2009-12-13 14:56 - 00000000 ____D () C:\Users\Bly4
2015-01-20 19:19 - 2012-07-10 20:20 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-20 19:19 - 2012-05-06 13:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 23:00 - 2010-06-03 20:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 20:14 - 2014-05-17 11:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 19:22 - 2014-05-17 11:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 19:21 - 2014-06-05 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 19:21 - 2013-06-04 16:07 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 19:02 - 2013-07-15 12:12 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForBly4.job
2015-01-18 19:02 - 2010-01-07 20:45 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-18 09:00 - 2013-07-15 12:13 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBly4
2015-01-16 12:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-15 23:13 - 2014-04-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 20:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-15 19:19 - 2014-09-22 22:12 - 00000000 ____D () C:\Users\Bly4\AppData\Local\CrashDumps
2015-01-13 20:14 - 2012-05-06 13:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 20:12 - 2012-05-06 13:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 20:12 - 2011-06-07 10:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 19:00 - 2013-01-04 08:34 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-12 19:00 - 2010-04-20 17:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-08 09:55 - 2010-02-11 21:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 08:42 - 2014-06-24 20:45 - 00000000 ____D () C:\Users\Bly4\AppData\Roaming\TS3Client
2015-01-08 00:25 - 2009-07-13 21:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 13:44 - 2009-07-13 21:13 - 00788704 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 12:29 - 2009-12-24 09:40 - 00000000 ____D () C:\Users\Bly4\AppData\Local\Adobe
2014-12-30 12:15 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-30 12:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-30 11:47 - 2010-11-20 10:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-30 11:41 - 2013-12-13 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-26 23:31 - 2013-12-31 14:48 - 00000000 ____D () C:\Users\Bly4\AppData\Roaming\.minecraft
2014-12-22 18:41 - 2010-05-30 21:05 - 00000000 ____D () C:\Users\Bly4\Documents\Ghislaine

==================== Files in the root of some directories =======
2014-05-19 17:47 - 2014-10-20 16:59 - 0002475 _____ () C:\Users\Bly4\AppData\Roaming\SAS7_000.DAT
2009-12-21 16:25 - 2012-08-28 21:28 - 0006366 _____ () C:\Users\Bly4\AppData\Roaming\wklnhst.dat
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\AtStart.txt
2013-09-18 09:57 - 2013-09-18 09:59 - 0031186 _____ () C:\Users\Bly4\AppData\Local\c4u.log
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\DSwitch.txt
2010-01-07 20:56 - 2013-09-18 10:13 - 0553368 _____ () C:\Users\Bly4\AppData\Local\installer.log
2014-06-01 11:06 - 2014-06-01 11:06 - 0000000 ___SH () C:\Users\Bly4\AppData\Local\LumaEmu
2011-11-29 20:37 - 2011-11-29 21:23 - 0000600 _____ () C:\Users\Bly4\AppData\Local\PUTTY.RND
2009-12-13 15:52 - 2009-12-13 15:52 - 0000000 _____ () C:\Users\Bly4\AppData\Local\QSwitch.txt
2013-06-11 18:47 - 2014-03-27 19:42 - 0007616 _____ () C:\Users\Bly4\AppData\Local\Resmon.ResmonCfg
2010-07-10 20:57 - 2010-07-10 20:57 - 0000000 _____ () C:\Users\Bly4\AppData\Local\Rwocejopev.bin
2010-04-26 19:28 - 2010-04-26 19:28 - 2184414 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 006.0
2010-04-26 19:28 - 2010-04-26 19:28 - 1586997 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 007.0
2010-04-26 19:28 - 2010-04-26 19:28 - 0353853 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 007.JPG
2010-04-26 19:29 - 2010-04-26 19:29 - 1882736 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008.0
2010-04-26 19:29 - 2010-04-26 19:29 - 0411955 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008.JPG
2010-04-26 19:30 - 2010-04-26 19:30 - 0008256 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 008_navi.JPG
2010-04-26 19:24 - 2010-04-26 19:24 - 2224809 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 013.0
2010-04-26 19:24 - 2010-04-26 19:24 - 1201983 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 013.JPG
2010-04-26 19:30 - 2010-04-26 19:31 - 2144837 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014.0
2010-04-26 19:31 - 2010-04-26 19:31 - 0865109 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014.JPG
2010-04-26 19:30 - 2010-04-26 19:31 - 0013728 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 014_navi.JPG
2010-04-26 20:48 - 2010-04-26 20:48 - 2245533 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 029.JPG
2010-04-26 20:48 - 2010-04-26 20:48 - 0015205 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 029_navi.JPG
2010-03-21 19:22 - 2010-03-21 19:22 - 2178259 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 048.0
2010-03-21 19:22 - 2010-03-21 19:22 - 0823601 _____ () C:\Users\Bly4\AppData\Local\tmpDISNEYLAND-EXPERIMENT 048.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 2339732 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.0
2011-03-19 09:35 - 2011-03-19 09:35 - 1153278 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0011585 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580_navi.JPG
2011-03-19 09:34 - 2011-03-19 09:34 - 2107746 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.0
2011-03-19 09:35 - 2011-03-19 09:34 - 0814227 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.1
2011-03-19 09:35 - 2011-03-19 09:35 - 0814263 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.2
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.3
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0010588 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581_navi.JPG
2011-03-19 09:33 - 2011-03-19 09:37 - 2152508 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.0
2011-03-19 09:37 - 2011-03-19 09:37 - 0834317 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.JPG
2011-03-19 09:37 - 2011-03-19 09:37 - 0013189 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582_navi.JPG
2010-11-26 21:20 - 2010-11-26 21:20 - 0674933 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.0
2010-11-26 21:21 - 2010-11-26 21:20 - 0176681 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.JPG
2010-11-26 21:21 - 2010-11-26 21:21 - 0691040 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.0
2010-11-26 21:21 - 2010-11-26 21:21 - 0186674 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.JPG
2010-11-26 21:23 - 2010-11-26 21:23 - 0700418 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.0
2010-11-26 21:23 - 2010-11-26 21:23 - 0174107 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.JPG
2010-07-10 20:57 - 2010-07-10 20:57 - 0000120 _____ () C:\Users\Bly4\AppData\Local\Vjagesikomejes.dat
2013-02-03 23:14 - 2013-02-10 16:58 - 0000105 _____ () C:\Users\Bly4\AppData\Local\ZDManager.ini
2009-12-13 15:52 - 2015-01-20 19:38 - 0000189 _____ () C:\ProgramData\HPWALog.txt
2010-10-09 21:48 - 2013-02-24 12:44 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-04-14 10:55 - 2014-04-14 18:46 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-04-25 13:41 - 2013-04-25 13:41 - 0010305 _____ () C:\ProgramData\regid.2002-03.com.schoolhousetech_FCA4358D-CA55-4EC6-8FED-5921CD3CBB06.swidtag
2009-08-25 01:14 - 2009-08-25 01:14 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-09 00:34 - 2009-08-09 00:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-25 01:13 - 2009-08-25 01:13 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-09 00:29 - 2009-08-09 00:30 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-25 01:13 - 2009-08-25 01:13 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-25 01:14 - 2009-08-25 01:14 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-09 00:28 - 2009-08-09 00:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-09 00:30 - 2009-08-09 00:34 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-25 01:14 - 2009-08-25 01:14 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\cd1\setup.exe
C:\Users\crack\keygen.bat
C:\Users\crack\lic.dat
C:\Users\crack\ptcrypt.exe

Some content of TEMP:
====================
C:\Users\Bly4\AppData\Local\Temp\bpuninstall.exe
C:\Users\Bly4\AppData\Local\Temp\Quarantine.exe
C:\Users\Bly4\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-16 12:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Bly4 at 2015-01-20 19:57:29
Running from C:\Users\Bly4\Videos\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Action Replay Code Manager (HKLM-x32\...\Action Replay Code Manager_is1) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Any Video Converter 3.0.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcadeWeb (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\AWSoftware) (Version: 1.0 - )
ATI Catalyst Install Manager (HKLM\...\{83715090-142B-D305-36EC-7538A007D336}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
CodeStuff Starter (HKLM-x32\...\CodeStuff Starter) (Version: 5.6.2.9 - CodeStuff)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
Costco Photo Organizer (HKLM-x32\...\{788B97E8-D825-419A-8558-1C0B344C5371}) (Version: 1.5.0.102 - Costco Wholesale Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Elgato Game Capture HD (HKLM-x32\...\{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}) (Version: 1.42.24.539 - Elgato Systems GmbH)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
EPSON Artisan 50 Series Printer Uninstall (HKLM\...\EPSON Artisan 50 Series) (Version:  - SEIKO EPSON Corporation)
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.22 - Philipp Winterberg)
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Horizon v2.8.0.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.0.1 - Daring Development Inc.)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6230.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Juniper Networks Cache Cleaner 6.4.0 (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Juniper_Networks_Cache_Cleaner 6.4.0) (Version: 6.4.0.14619 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Neoteris_Host_Checker) (Version: 6.4.0.14619 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Juniper_Setup_Client) (Version: 2.0.2.5977 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
KODAK All-in-One Printer Software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marble Blast Gold (remove only) (HKLM-x32\...\MarbleBlastGoldYahoo) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight Free Download Packages (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\Microsoft Silverlight Free Download Packages) (Version:  - ) <==== ATTENTION
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
netbrdg (x32 Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.5615 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.10.2 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuizCreator Free (HKLM-x32\...\Wondershare QuizCreator Free (Build 4.5.0)_is1) (Version:  - Wondershare Software)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RivalGaming (HKLM-x32\...\RivalGaming) (Version:  - RivalGaming) <==== ATTENTION!
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Schoolhouse Test 3 (HKLM-x32\...\{5B7A023B-5391-4157-992B-B3E8805955D5}) (Version: 3.1.17.1 - Schoolhouse Technologies)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SFR (x32 Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
SolidWorks 2006 SP0 (HKLM-x32\...\{984B44FD-953F-4176-BE74-421B00ED71C5}) (Version: 14.1.0011 - SolidWorks)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Letter Linker (HKLM-x32\...\am-superletterlinker) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-439321651-4069142202-3324294406-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.11 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

30-12-2014 11:10:17 Windows Update
05-01-2015 14:37:06 Windows Update
16-01-2015 12:26:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2011-07-29 20:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0384559A-8A74-4C1B-BA21-8F9D93267F1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
Task: {11665884-73A2-40C4-A1A5-BB9CF0BE2D2A} - System32\Tasks\HPCeeScheduleForBly4 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {12BB4F89-AA2E-4BFF-A960-908593B23183} - System32\Tasks\{DD1A889D-7C86-4189-9EC6-19B9995E550E} => pcalua.exe -a C:\Users\Bly4\Desktop\setup_prevent_restore.exe -d C:\Users\Bly4\Desktop
Task: {1CC7F785-71E4-4582-95EC-3F568A5A38F2} - System32\Tasks\{846AF9D6-F471-42E8-B516-6149C1375CAA} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {1D0F43D1-39CA-432F-817C-CE88770F13DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {25DCCA2C-9A97-46F4-9628-123C1FF19CFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {2F5470C4-21A7-456B-9ECA-0FEA95D4CBC3} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: {3CB434F1-FCDE-4D49-9DA7-478640581DBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {41F6499F-9F35-434A-89CA-A5247CCA115F} - System32\Tasks\{16B295D5-E1FF-45C2-8E2F-2BF540475A09} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {49B3DFEF-F59E-4AD9-8EC6-6EEAF10BCFB0} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {4C03242F-B6C7-46C6-A361-B2F61C26BE69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4F7B6A66-90F6-4F5D-A325-1E07A2448154} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {517F3BD6-B521-4387-866C-1D65ACD4D5BB} - System32\Tasks\{3ECD99B3-5DD0-4C16-817B-C79782832B02} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {5A6E45FA-3B9D-46C6-BB77-25F4932C707C} - System32\Tasks\{9BB352E8-A829-4590-8BC9-E567310EEEF6} => pcalua.exe -a F:\setup_prevent_restore.exe -d C:\Users\Bly4\Desktop
Task: {5C32BF33-00ED-452C-8E35-7B66247F4C68} - System32\Tasks\{B6CFB258-569C-43E6-81C3-EBDF9F418F29} => pcalua.exe -a "C:\Program Files (x86)\SpeedBit Video Downloader\GRRemove.exe" -d "C:\Program Files (x86)\SpeedBit Video Downloader"
Task: {5E2E4295-6A11-4C9F-84CE-404FC136839B} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {5F8F556E-384F-45EE-ADF1-BD0230514B3C} - System32\Tasks\{872C817F-64B0-42C7-9FAF-597F5FAE1833} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {660C6DDA-6491-427D-99F8-4387F5CC2BC9} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {6CD138C1-FF04-4D64-A346-4FEE5E79945B} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {6CE010F2-D4B8-4BE1-B064-036719EAA7D4} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {739A8A60-0E38-4965-BC8A-5DF2CC58534D} - System32\Tasks\{4C21EE64-5D9B-49F7-8AA4-19131D894002} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {7840D115-E995-4E18-BE64-99C272BFD4A5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7982A447-D2E8-4430-A1ED-1CE3B8623590} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-439321651-4069142202-3324294406-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {81423BA7-4F37-469D-B3D7-A2E4813350A4} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {81A4FFAE-A1CD-4227-B87A-E886EB6A9D8D} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {873D2E51-7E5F-4EBB-AE5D-ADC8E0B66621} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8A54A360-49F5-41B1-88B6-61E8BD5F873A} - System32\Tasks\{626267D1-3E9D-4C24-A7D0-C2503116774E} => C:\Users\Bly4\Desktop\minecraft.jar\mods\BestCodecsPackSetup.exe
Task: {8FF6FE07-A07F-4CDA-BC84-D2DE0015FFA6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-439321651-4069142202-3324294406-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {906ED6D2-1207-490C-B381-7B144A13C8D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {909F34E4-FCC1-4619-8482-DBE86ED8211D} - System32\Tasks\{D353CE84-B85B-4DB8-8C30-C4CE415A6E39} => pcalua.exe -a "C:\Users\Bly4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QRJP7RE\yahoo_marbleblastgold_tm1-1[1].exe" -d C:\Users\Bly4\Desktop
Task: {97F6852F-BB93-4610-8FFC-7676F21F8D88} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9A51BF9D-2C76-40C1-85C5-E0A2E5EF4C65} - System32\Tasks\{75748995-CEC6-41E8-A4D1-1A2EBCB10104} => pcalua.exe -a E:\SOLIDWORKS_V2006\legend.exe -d E:\SOLIDWORKS_V2006
Task: {9E93F8EE-0044-47A9-B0AC-A0DE035D162B} - System32\Tasks\{019D4A2C-5344-4A23-ABBA-DF7349A90D2B} => C:\Users\Bly4\Desktop\minecraft.jar\mods\BestCodecsPackSetup.exe
Task: {C1F5F45E-349A-4341-85D8-C1EB74ED63F9} - System32\Tasks\{4459E44D-CA78-44C2-BD25-2ACC900298F3} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {CBA25F96-DAED-4DB6-9B3D-D25750DACB84} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {CC5D91DD-DB75-46B9-8684-DFE6F4905BE9} - System32\Tasks\{C4AFC609-14C7-4E5C-9943-683BA535F933} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {CF7DAB50-9D60-4E95-8182-E2BDF5876159} - System32\Tasks\{1F086DD4-B6ED-4C8D-BF40-3C2FCC68FD3F} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {D838B64B-3912-49BC-AD87-EE46A5498564} - System32\Tasks\{F2FA5244-0C71-4F70-9A62-E2AB2BB687F2} => C:\Program Files (x86)\Marble Blast Gold\MarbleBlast.exe [2003-07-25] ()
Task: {EAF335B7-8A7D-4AE9-BE18-B1741114842E} - System32\Tasks\{B3A5E6DF-D253-4ED6-A2E2-777150642FAD} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {EC782F52-0A69-407C-9333-070A17B74130} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {F1CADD5C-5C43-48E4-938C-42ECA03917F2} - System32\Tasks\4528 => Wscript.exe C:\Users\Bly4\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {F405895F-56CE-4E8B-B39E-C7820229194D} - System32\Tasks\{DF15CA10-27AD-487A-8CFC-695CAB0280D2} => C:\Program Files (x86)\SolidWorks\swspmanager.exe [2005-07-25] ()
Task: {F64F65CC-BD86-4D3E-8CEB-EEC19C9D049C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F805F1AA-B444-423F-848C-6E7C8A69629F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F8DCA56E-48D0-47EB-96DE-905D4FD57B9F} - System32\Tasks\{BA0A9722-4EA2-4D8A-AD54-55C75BAB9FA6} => C:\Program Files (x86)\Marble Blast Gold\MarbleBlast.exe [2003-07-25] ()
Task: {FAB749D3-B88B-4BB6-BC98-4B00D4DEBCA8} - System32\Tasks\{0D069FBF-BA03-4108-9604-F3824B435170} => C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe
Task: {FFB70D58-C9DE-49BA-BA8A-C512632E4A64} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBly4.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe

==================== Loaded Modules (whitelisted) =============

2014-05-23 01:10 - 2014-05-23 01:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-04-12 23:40 - 2014-04-12 23:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-08-09 00:34 - 2009-01-21 10:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-21 09:34 - 2009-07-21 09:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-07-01 14:44 - 2009-07-01 14:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2015-01-20 19:20 - 2015-01-20 19:20 - 02911744 _____ () C:\Program Files\Alwil Software\Avast5\defs\15012001\algo.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-23 10:37 - 2009-07-23 10:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-11-21 19:07 - 2014-11-21 19:07 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 19:50 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2010-04-11 10:59 - 2010-04-11 10:59 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-11 10:59 - 2010-04-11 10:59 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-04-04 17:03 - 2011-04-04 17:03 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\Bly4\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CLPSLauncher => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\startupfolder: C:^Users^Bly4^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1421377726
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_76C729D2CF1D184427F8EA5874136251 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: HPCam_Menu => "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LTCM Client => C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PureLeads Tray => "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Users\Bly4\Desktop\steam\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtection => "C:\Users\Bly4\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Bly4\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Bly4\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
MSCONFIG\startupreg: uTorrent => "C:\Users\Bly4\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-439321651-4069142202-3324294406-500 - Administrator - Disabled)
Bly4 (S-1-5-21-439321651-4069142202-3324294406-1000 - Administrator - Enabled) => C:\Users\Bly4
Guest (S-1-5-21-439321651-4069142202-3324294406-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-439321651-4069142202-3324294406-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 09:32:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/19/2015 07:09:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 150c

Start Time: 01d0345e728a3cfb

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: c2f07003-a051-11e4-9422-00269e8c030e

System errors:
=============
Error: (01/20/2015 07:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/20/2015 07:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/20/2015 07:35:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/20/2015 07:35:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/20/2015 07:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/20/2015 07:35:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Com4QLBEx service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/20/2015 07:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/20/2015 07:35:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/20/2015 07:35:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/20/2015 07:35:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EPSON V5 Service4(01) service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (01/19/2015 09:32:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe

Error: (01/19/2015 07:09:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.711150c01d0345e728a3cfb0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exec2f07003-a051-11e4-9422-00269e8c030e

CodeIntegrity Errors:
===================================
  Date: 2011-07-29 21:08:23.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-29 21:08:23.683
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 4063.19 MB
Available physical RAM: 2380.15 MB
Total Pagefile: 8124.55 MB
Available Pagefile: 6117.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.62 GB) (Free:165.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.95 GB) (Free:2.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CF892B78)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Fb, as far as Sony Vegas Pro, talking to my son, he got it from a friend who purchased it.  I'm sure he unzipped it and hit next, next, next for the install.

As far as the computer running better, I think it is.  When it booted back up from the "cleaning", I went to IE and opened a page and Google loaded correctly vs the www-searching.com (hijack site).  The page loaded quickly.

I looked at the FRST report(s) and assume there are more items that need to be dealt with.




#11 fredII

    Authentic Member

  • 79 posts

Posted 21 January 2015 - 12:51 AM

Fb, I hit send before I was done.  I noticed some notations on the FRST report that said "attention" or anyone's toolbars I don't want or bing

FRST Notepad

-- Policy restriction (I've seen in other posts that these are deleted?)

-- www.bing.com/search?......(2 places) Please delete any bing stuff if you can.

--  I noticed a lot of realnetworks, realdownloader stuff.  I haven't used that software for a long long time.  I don't know if it will delete completely or not.

--  MSN toolbar  (delete please)

--  Is Comodo, or Comodo Security Solutions     (is this stuff real, needed, or malware)

--  FreeFileViewerupdatechecker   (I think that stuff was already deleted, I believe it's part of Bitberry, I still see more elements of it)

FRST Additional

--  FreeFile Viewer (under installed software)

--  GamingWonderland Toolbar  (under installed software or programs)

--  Microsoft Live Search Toolbar  (I obviously don't like toolbars and would like it gone unless it affects something that's needed)

--  Microsoft Silverlight ( I see it's marked for attention, I've had to use it to view movies from Netflix, a legitimate source)

--  FreeFileViewer, Bitberry  (under scheduled tasks)

--  Speedbit Video Downloader (under scheduled tasks)  It was deleted with adwCleaner.  More still I guess.

--  Quick PC Booster startup  (that was deleted with adwCleaner)

MSCONFIG/Task Manager Disabled items

-- MSCONFIG\startup ..... APNUpdater   (is part of Ask.com, please delete anything having to do with Ask.com)

-- MSCONFIG\Startup .... SearchProtection  (don't have any idea what this is and doesn't look legit)

-- MSCONFIG\Startup ....SearchSettings  (don't have any idea what this is and doesn't look legit.  It's part of Spigot and I know that's not good stuff)

-- MSCONFIG\Startup ....  uTorrent  (that can be deleted please)

 

I don't know if what I've seen above is relevant, I'm just playing amateur sleuth I guess.  I assume this is the type of things you all look for also.

 

Thanks,  Fred



#12 fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 21 January 2015 - 07:00 AM

Hello, fredII.

Thank you for your reports.

The Sony Vegas Pro 13 software on your computer is an illegal copy.  Please refer to this link HERE.

MBAM has detected this illegally installed software on your system.  As all cracked/keygen software is infected with some form of malicious code, downloading this unauthorized software to circumvent the validation or authenticity of software will in turn infect your computer.

This forum, as well as all other malware removal forums, does not support the use of illegal software.  Continuing to help you while illegal software remains on your system could be construed in the eyes of the law as aiding and abetting a crime.

I will continue to help you clean your system only under the following conditions:

  •   Remove all illegal software from your computer.
  •   Run CKScanner and MBAM again and submit fresh logs in your next reply.

If you do not comply with these terms, under forum policy, I will discontinue assisting you and will close this thread.

Please advise how you wish to proceed.

 

 



#13 fredII

    Authentic Member

  • 79 posts

Posted 21 January 2015 - 03:59 PM

Hi fb, no problem.  I've deleted the Sony Vegas program through the uninstall process.  I rebooted, checked again, not there.

Here is a new MBAM report:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/21/2015
Scan Time: 12:48:23 PM
Logfile: MBAM_scan_1_21_2015.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.21.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bly4

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424411
Time Elapsed: 28 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.ZenDeals.A, C:\ProgramData\ZDManagerService, Quarantined, [321fe215d5b4072f673d6e066f94748c],

Files: 2
PUP.Optional.ZenDeals.A, C:\ProgramData\ZDManagerService\log.txt, Quarantined, [321fe215d5b4072f673d6e066f94748c],
PUP.Optional.ZenDeals.A, C:\Users\Bly4\AppData\Local\ZDManager.ini, Quarantined, [361b0bec7b0e989e5f465b1910f3fc04],

Physical Sectors: 0
(No malicious items detected)

(end)

 

MBAM found the Zendeals stuff.  I was subscribing to ZDNet emails, I don't know if they are related.  I will unsubscribe if you think so.

 

I had a hard time getting CKScanner to run again.  Kept saying not responding.  I turned off the Avast, downloaded a new file from your original post, ran it, said the same thing but then popped out a report.  Now I can't find that txt report of this latest run.  I saw it and it had the same things on it but I can't find the report.  I have the original report from a few days ago on the desktop and I think the new report would have the same name but won't put it there.  I did a C drive scan and only the original report shows up.

 

Should I delete the original report and do a new run?

 

Thanks,  Fred



#14 fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 21 January 2015 - 08:58 PM

Hello, fredII.
 
Thank you for your MBAM log.  Let's not worry about CKScanner and continue with the next task.
 
Please run the following Fix

Please open Notepad:  Press the Windows key + r (Win Key + r) > Type Notepad > Click OK.

  • Copy and paste the entire contents of the code box below:  To do this, highlight the contents of the box, right click on it, and select Copy > Right-click in the open Notepad and select Paste.
  • Save this to the same directory you saved FRST or FRST64 > Save it as fixlist.txt.

Note:  In order for the fix to work, fixlist.txt must be placed next to FRST or FRST64.  You can use your mouse to drag it in place.
 

Start
CloseProcesses:
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> DefaultScope {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3368DA14-5819-46BD-98BB-417DB755C16F} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
Toolbar: HKLM - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM-x32 - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: npDisplayEngine -> C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF Extension:  RivalGaming  - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-01-15]
FF Extension:  LivingPlay TextLinks   - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com [2011-08-18]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
2015-01-20 19:37 - 2013-02-03 22:50 - 00000412 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-01-20 19:37 - 2012-07-11 17:55 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2011-03-19 09:35 - 2011-03-19 09:35 - 2339732 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.0
2011-03-19 09:35 - 2011-03-19 09:35 - 1153278 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0011585 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580_navi.JPG
2011-03-19 09:34 - 2011-03-19 09:34 - 2107746 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.0
2011-03-19 09:35 - 2011-03-19 09:34 - 0814227 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.1
2011-03-19 09:35 - 2011-03-19 09:35 - 0814263 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.2
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.3
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0010588 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581_navi.JPG
2011-03-19 09:33 - 2011-03-19 09:37 - 2152508 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.0
2011-03-19 09:37 - 2011-03-19 09:37 - 0834317 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.JPG
2011-03-19 09:37 - 2011-03-19 09:37 - 0013189 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582_navi.JPG
2010-11-26 21:20 - 2010-11-26 21:20 - 0674933 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.0
2010-11-26 21:21 - 2010-11-26 21:20 - 0176681 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.JPG
2010-11-26 21:21 - 2010-11-26 21:21 - 0691040 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.0
2010-11-26 21:21 - 2010-11-26 21:21 - 0186674 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.JPG
2010-11-26 21:23 - 2010-11-26 21:23 - 0700418 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.0
2010-11-26 21:23 - 2010-11-26 21:23 - 0174107 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.JPG
2013-02-03 23:14 - 2013-02-10 16:58 - 0000105 _____ () C:\Users\Bly4\AppData\Local\ZDManager.ini
C:\Users\cd1\setup.exe
C:\Users\crack\keygen.bat
C:\Users\crack\lic.dat
C:\Users\crack\ptcrypt.exe
C:\Users\Bly4\AppData\Local\Temp\bpuninstall.exe
C:\Users\Bly4\AppData\Local\Temp\Quarantine.exe
C:\Users\Bly4\AppData\Local\Temp\sqlite3.dll
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.22 - Philipp Winterberg)
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
RivalGaming (HKLM-x32\...\RivalGaming) (Version:  - RivalGaming) <==== ATTENTION!
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Task: {2F5470C4-21A7-456B-9ECA-0FEA95D4CBC3} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: {49B3DFEF-F59E-4AD9-8EC6-6EEAF10BCFB0} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {660C6DDA-6491-427D-99F8-4387F5CC2BC9} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {CBA25F96-DAED-4DB6-9B3D-D25750DACB84} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {F1CADD5C-5C43-48E4-938C-42ECA03917F2} - System32\Tasks\4528 => Wscript.exe C:\Users\Bly4\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A
AlternateDataStreams: C:\ProgramData\Temp:AD022376
Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.  Running this on another machine may cause damage to your operating system.

  • Run FRST / FRST64, press the Fix button once and wait.
  • When finished, the tool will generate a log on the Desktop (Fixlog.txt).  Please post it to your next reply.

 

CHECKLIST : In your next reply, please post the following:

  • Fixlog.txt
  • Let me know how your computer is running now.


#15 fredII


Posted 23 January 2015 - 03:45 PM

Hi Fb, sorry to be so long.  Ran the fixit report and here are the results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Bly4 at 2015-01-23 11:13:16 Run:1
Running from C:\Users\Bly4\Videos\Desktop
Loaded Profiles: Bly4 (Available profiles: Bly4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {CC778948-1EA5-4599-AE7A-9807D211DCF4} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> DefaultScope {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3368DA14-5819-46BD-98BB-417DB755C16F} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL =
SearchScopes: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> {83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} URL = https://search.yahoo...&p={searchTerms}
Toolbar: HKLM - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - !{0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM-x32 - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKU\S-1-5-21-439321651-4069142202-3324294406-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: npDisplayEngine -> C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF Extension:  RivalGaming  - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-01-15]
FF Extension:  LivingPlay TextLinks   - C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com [2011-08-18]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
2015-01-20 19:37 - 2013-02-03 22:50 - 00000412 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-01-20 19:37 - 2012-07-11 17:55 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2011-03-19 09:35 - 2011-03-19 09:35 - 2339732 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.0
2011-03-19 09:35 - 2011-03-19 09:35 - 1153278 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0011585 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1580_navi.JPG
2011-03-19 09:34 - 2011-03-19 09:34 - 2107746 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.0
2011-03-19 09:35 - 2011-03-19 09:34 - 0814227 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.1
2011-03-19 09:35 - 2011-03-19 09:35 - 0814263 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.2
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.3
2011-03-19 09:35 - 2011-03-19 09:35 - 0814268 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581.JPG
2011-03-19 09:35 - 2011-03-19 09:35 - 0010588 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1581_navi.JPG
2011-03-19 09:33 - 2011-03-19 09:37 - 2152508 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.0
2011-03-19 09:37 - 2011-03-19 09:37 - 0834317 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582.JPG
2011-03-19 09:37 - 2011-03-19 09:37 - 0013189 _____ () C:\Users\Bly4\AppData\Local\tmpDSCN1582_navi.JPG
2010-11-26 21:20 - 2010-11-26 21:20 - 0674933 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.0
2010-11-26 21:21 - 2010-11-26 21:20 - 0176681 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0213.JPG
2010-11-26 21:21 - 2010-11-26 21:21 - 0691040 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.0
2010-11-26 21:21 - 2010-11-26 21:21 - 0186674 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0214.JPG
2010-11-26 21:23 - 2010-11-26 21:23 - 0700418 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.0
2010-11-26 21:23 - 2010-11-26 21:23 - 0174107 _____ () C:\Users\Bly4\AppData\Local\tmpIMG_0215.JPG
2013-02-03 23:14 - 2013-02-10 16:58 - 0000105 _____ () C:\Users\Bly4\AppData\Local\ZDManager.ini
C:\Users\cd1\setup.exe
C:\Users\crack\keygen.bat
C:\Users\crack\lic.dat
C:\Users\crack\ptcrypt.exe
C:\Users\Bly4\AppData\Local\Temp\bpuninstall.exe
C:\Users\Bly4\AppData\Local\Temp\Quarantine.exe
C:\Users\Bly4\AppData\Local\Temp\sqlite3.dll
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.22 - Philipp Winterberg)
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
RivalGaming (HKLM-x32\...\RivalGaming) (Version:  - RivalGaming) <==== ATTENTION!
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Task: {2F5470C4-21A7-456B-9ECA-0FEA95D4CBC3} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: {49B3DFEF-F59E-4AD9-8EC6-6EEAF10BCFB0} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {660C6DDA-6491-427D-99F8-4387F5CC2BC9} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {CBA25F96-DAED-4DB6-9B3D-D25750DACB84} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {F1CADD5C-5C43-48E4-938C-42ECA03917F2} - System32\Tasks\4528 => Wscript.exe C:\Users\Bly4\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A
AlternateDataStreams: C:\ProgramData\Temp:AD022376
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC778948-1EA5-4599-AE7A-9807D211DCF4}" => Key deleted successfully.
HKCR\CLSID\{CC778948-1EA5-4599-AE7A-9807D211DCF4} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CC778948-1EA5-4599-AE7A-9807D211DCF4}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CC778948-1EA5-4599-AE7A-9807D211DCF4} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3368DA14-5819-46BD-98BB-417DB755C16F}" => Key deleted successfully.
HKCR\CLSID\{3368DA14-5819-46BD-98BB-417DB755C16F} => Key not found.
"HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}" => Key deleted successfully.
HKCR\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key not found.
"HKU\S-1-5-21-439321651-4069142202-3324294406-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83FAC2E9-A06B-42EE-B2DE-33FB37113CFC}" => Key deleted successfully.
HKCR\CLSID\{83FAC2E9-A06B-42EE-B2DE-33FB37113CFC} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value deleted successfully.
HKCR\CLSID\!{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => value deleted successfully.
HKCR\CLSID\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
HKCR\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{F3FEE66E-E034-436a-86E4-9690573BEE8A} => value deleted successfully.
HKCR\CLSID\!{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{F3FEE66E-E034-436a-86E4-9690573BEE8A} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key not found.
HKU\S-1-5-21-439321651-4069142202-3324294406-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\npDisplayEngine" => Key deleted successfully.
C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll => Moved successfully.
C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com => Moved successfully.
C:\Users\Bly4\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com => Moved successfully.
catchme => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
C:\Windows\Tasks\Quick PC Booster64 startups.job => Moved successfully.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1580.0 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1580.JPG => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1580_navi.JPG => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1581.0 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1581.1 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1581.2 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1581.3 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1581.JPG => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1581_navi.JPG => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1582.0 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1582.JPG => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpDSCN1582_navi.JPG => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpIMG_0213.0 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpIMG_0213.JPG => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpIMG_0214.0 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpIMG_0214.JPG => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpIMG_0215.0 => Moved successfully.
C:\Users\Bly4\AppData\Local\tmpIMG_0215.JPG => Moved successfully.
"C:\Users\Bly4\AppData\Local\ZDManager.ini" => File/Directory not found.
C:\Users\cd1\setup.exe => Moved successfully.
C:\Users\crack\keygen.bat => Moved successfully.
C:\Users\crack\lic.dat => Moved successfully.
C:\Users\crack\ptcrypt.exe => Moved successfully.
C:\Users\Bly4\AppData\Local\Temp\bpuninstall.exe => Moved successfully.
C:\Users\Bly4\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Bly4\AppData\Local\Temp\sqlite3.dll => Moved successfully.
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION => Error: No automatic fix found for this entry.
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.22 - Philipp Winterberg) => Error: No automatic fix found for this entry.
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION => Error: No automatic fix found for this entry.
RivalGaming (HKLM-x32\...\RivalGaming) (Version:  - RivalGaming) <==== ATTENTION! => Error: No automatic fix found for this entry.
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F5470C4-21A7-456B-9ECA-0FEA95D4CBC3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F5470C4-21A7-456B-9ECA-0FEA95D4CBC3}" => Key deleted successfully.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49B3DFEF-F59E-4AD9-8EC6-6EEAF10BCFB0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49B3DFEF-F59E-4AD9-8EC6-6EEAF10BCFB0}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{660C6DDA-6491-427D-99F8-4387F5CC2BC9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{660C6DDA-6491-427D-99F8-4387F5CC2BC9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Quick PC Booster64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick PC Booster64 startups" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBA25F96-DAED-4DB6-9B3D-D25750DACB84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA25F96-DAED-4DB6-9B3D-D25750DACB84}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMWUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1CADD5C-5C43-48E4-938C-42ECA03917F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1CADD5C-5C43-48E4-938C-42ECA03917F2}" => Key deleted successfully.
C:\Windows\System32\Tasks\4528 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4528" => Key deleted successfully.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job not found.
C:\Windows\Tasks\Quick PC Booster64 startups.job not found.
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
C:\ProgramData\Temp => ":862BDB1A" ADS removed successfully.
C:\ProgramData\Temp => ":AD022376" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 109.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 11:14:56 ====

 

Not quite sure how to read the report, but I'll ask questions later.  End result is the computer seems to be running better, and I'm not getting lagging typing, searches come up quick.  I'm not getting redirects from my currently selected homepage which is Google. 

 

I did notice that Bing is coming up as the search engine.  My son had loaded Google Chrome and I have no idea how many add-ons or toolbars Chrome has in it.  I personally do not like Google, I feel as a company and search engine they are very invasive.  I don't trust them.  I may be all wet here and I don't know what you (or those at WTT) have found out about Google but I'd be very interested.  I've done searches on other search engines (IE, Google, Safari, Firefox) as to who is best from that perspective but what I did find was research that IE & Google are the most secure, Safari & Firefox are lower.  The funny thing is I don't run into near the problems or issues I have with my PC with my MacBook Pro, and I use Safari on it.

 

I went into tools, manage add-ons, toolbars and extensions;  I don't see any toolbars but lots of "extensions" (I assume) that are enabled.  Not sure how to manage them (off or on) and would like guidance on those.  I also went into search providers and the only one in there was Bing that was "default" and enabled.  I was expecting IE or Google, Google Chrome. I proceeded to Accelerators and found Map and Translate default to Bing.   I did a C drive search for Bing and found:

Bing_icon - C:\Users\Bly4\AppData\Local\VirtualStore\Program Files (x86)\Online Services

Bing_icon - C:\Program Files (x86)\Online Services

favicon_bing - C:\Program Files (x86)\Internet Explorer\SIGNUP    Opens with: Windows Live Photo Gallery

Bing  - C:\Program Files\Internet Explorer\images

Bing - C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17509_none_11ac2db52f16b27a

Bing - C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_11ace3f52f15e572

Bing - 64e35_11.2.9600.17280_none_11d56cd12ef642b6

(the last 4 being .ico icon)

 

I guess I find it sneaky that under tools, internet options, you select which homepage you default to (in this case Google currently), yet in another toolbar I've got Bing as my default search provider.  At the end of the day I'd like to delete Bing from my computer.

 

At some point I'd like to work on computer startup time and program / services that startup that can minimize startup time.  That may be another topic in another place with WTT.

 

That's what I've got, sorry for being so long.

 

Fred

