  1. #1
    Member | Join Date: Mar 2007 | Location: Butler, PA | Posts: 102 | Points: 0

    Computer running slow and won't D/L updates etc

    This is a Windows 7 machine, 32-bit, 2.5 G RAM. I had a Trojan, powessere.a!res, and got rid of it. There must be something I missed because I am still having problems. I can't D/L Adobe updates, firmware for my camera system, and other files. My security settings (in IE) were changed and I reset them to the defaults; however, that still doesn't seem to help. The mouse will sometimes run slow and jerky, and the general computer is slow. With these problems, the only way for me to run HijackThis was to put it on a thumb drive (from a good machine) and move it over to the bad one. I am posting the files (HijackThis) here and also AVG 2015, SUPERAntiSpyware, and Malwarebytes. I ran the HijackThis log through the detective too.

    AVG:
    Whole Computer Scan
    No infection was found during this scan
    Scanned folders:;"Scan Whole Computer"
    Started:;"12/15/2014, 8:26:50 AM"
    Finished:;"12/15/2014, 10:34:36 AM"
    Scanned items:;"163234"
    Launched by:;"user"




    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 12:52:01 PM, on 12/15/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.17183)


    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    C:\Program Files\AVG\AVG2015\avgui.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\USBKVM Switcher\USBKVM.exe
    C:\Program Files\Common Files\aol\1266698022\ee\aolsoftware.exe
    C:\Program Files\AOL Desktop 9.7a\waol.exe
    C:\Program Files\AOL Desktop 9.7a\shellmon.exe
    C:\Program Files\Common Files\aol\1266698022\ee\aolupdates.exe
    C:\Users\user\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [IOGEAR Auto Printer Sharing Switch] C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe start
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Users\user\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.7a\AOL.EXE" -b
    O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
    O4 - Global Startup: USBKVM Switcher.lnk = C:\Program Files\USBKVM Switcher\USBKVM.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: LastPass - file://C:\Users\user\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\user\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - http://javadl-esd.oracle.com/update/...ndows-i586.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe
    O23 - Service: lxec_device - - C:\Windows\system32\lxeccoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Splunkd - Splunk Inc. - C:\Program Files\Splunk\bin\splunkd.exe
    O23 - Service: Splunkweb - Unknown owner - C:\Program Files\Splunk\bin\splunkweb.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 7568 bytes






    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 12/15/2014
    Scan Time: 7:16:37 AM
    Logfile: MalwareLOG.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.15.02
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: user

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 392275
    Time Elapsed: 23 min, 55 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)




    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/15/2014 at 08:25 AM

    Application Version : 6.0.1164
    Database Version : 11661

    Scan type : Complete Scan
    Total Scan Time : 00:43:07

    Operating System Information
    Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 731
    Memory threats detected : 0
    Registry items scanned : 22338
    Registry threats detected : 0
    File items scanned : 25444
    File threats detected : 0

    ============
    End of Log
    ============

  2. #2
    Member Spyware Fighter zep516 | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,173 | Points: 1307


    Hello,

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  3. #3
    Member | Join Date: Mar 2007 | Location: Butler, PA | Posts: 102 | Points: 0


    Hi Mr. Pittsburgh! You did a good job of helping me about a year ago with a problem. It turned out great. Attached are the logs you asked for.

    Thanks, Larry


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
    Ran by user (administrator) on COMPAQ on 15-12-2014 18:29:23
    Running from C:\Users\user\Desktop
    Loaded Profiles: user & Administrator (Available profiles: user & Administrator)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    (ArcSoft, Inc.) C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    ( ) C:\Windows\System32\lxeccoms.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
    (Splunk Inc.) C:\Program Files\Splunk\bin\splunkd.exe
    () C:\Program Files\Splunk\bin\splunkweb.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
    () C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    () C:\Program Files\USBKVM Switcher\USBKVM.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1266698022\ee\aolsoftware.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
    (AOL Inc.) C:\Program Files\AOL Desktop 9.7a\waol.exe
    (AOL Inc.) C:\Program Files\AOL Desktop 9.7a\shellmon.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1266698022\ee\aolupdates.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [IOGEAR Auto Printer Sharing Switch] => C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe [867328 2010-03-05] ()
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-2178227108-149082570-3650749505-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-10-21] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-2178227108-149082570-3650749505-1002\...\Run: [cdloader] => C:\Users\user\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
    HKU\S-1-5-21-2178227108-149082570-3650749505-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6697752 2014-11-24] (SUPERAntiSpyware)
    HKU\S-1-5-21-2178227108-149082570-3650749505-1002\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7a\AOL.EXE [72760 2013-09-07] (AOL Inc.)
    HKU\S-1-5-21-2178227108-149082570-3650749505-500\...\RunOnce: [avg_spchecker] => "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\USBKVM Switcher.lnk
    ShortcutTarget: USBKVM Switcher.lnk -> C:\Program Files\USBKVM Switcher\USBKVM.exe ()
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
    BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2178227108-149082570-3650749505-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKU\S-1-5-21-2178227108-149082570-3650749505-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-2178227108-149082570-3650749505-1002 -> DefaultScope {2BE51A2D-CC39-4B72-BFCB-11FC0BB213F0} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2178227108-149082570-3650749505-1002 -> {1913A79D-26E4-4599-9AE5-B13BB10AAC05} URL =
    SearchScopes: HKU\S-1-5-21-2178227108-149082570-3650749505-1002 -> {2BE51A2D-CC39-4B72-BFCB-11FC0BB213F0} URL = https://www.google.com/search?q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.oracle.com/update/...ndows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c75guc3d.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass64.dll (LastPass)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin HKU\S-1-5-21-2178227108-149082570-3650749505-1002: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
    R2 BackupService; C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [67104 2013-02-20] (ArcSoft, Inc.)
    S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
    R2 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( )
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
    R2 Splunkd; C:\Program Files\Splunk\bin\splunkd.exe [15349528 2013-01-31] (Splunk Inc.)
    R2 Splunkweb; C:\Program Files\Splunk\bin\splunkweb.exe [19224 2013-01-31] ()
    R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 A5AGU; C:\Windows\System32\DRIVERS\AGUx86.sys [905728 2008-08-07] (D-Link Corporation)
    R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
    S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R1 MpKsl3b95aea6; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{530A948F-D30A-41DF-B778-9C0B9344C54A}\MpKsl3b95aea6.sys [39464 2014-12-15] (Microsoft Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-01-07] (Microsoft Corporation)
    R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 splunkdrv-win6; C:\Windows\System32\DRIVERS\splunkdrv-win6.sys [31096 2013-01-31] (Windows (R) Win 7 DDK provider) [File not signed]
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-03] ()
    S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2010-01-21] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-21] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-21] (LG Electronics Inc.)
    R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-15 18:29 - 2014-12-15 18:29 - 00013706 _____ () C:\Users\user\Desktop\FRST.txt
    2014-12-15 18:29 - 2014-12-15 18:29 - 00000000 ____D () C:\FRST
    2014-12-15 18:27 - 2014-12-15 18:22 - 01111040 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
    2014-12-15 12:55 - 2014-12-15 12:55 - 00000581 _____ () C:\Users\user\Desktop\SUPERAntiSpyware Scan Log - 12-15-2014 - 08-25-09.log
    2014-12-15 12:53 - 2014-12-15 12:53 - 00000470 _____ () C:\Users\user\Desktop\AVGReport.csv
    2014-12-15 12:52 - 2014-12-15 12:52 - 00007569 _____ () C:\Users\user\Desktop\hijackthisAFTERCLEAN.log
    2014-12-15 12:43 - 2014-12-15 12:52 - 00007569 _____ () C:\Users\user\Downloads\hijackthis.log
    2014-12-15 12:43 - 2014-12-15 12:43 - 00007693 _____ () C:\Users\user\Desktop\hijackthis2.log
    2014-12-15 12:36 - 2014-12-15 12:36 - 00007890 _____ () C:\Users\user\Desktop\hijackthis.log
    2014-12-15 12:29 - 2014-12-15 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
    2014-12-14 17:33 - 2014-12-14 17:33 - 00001056 _____ () C:\Users\user\Desktop\SecurView Pro.lnk
    2014-12-14 17:33 - 2014-12-14 17:33 - 00000000 ____D () C:\Program Files\TRENDnet
    2014-12-14 17:33 - 2012-10-22 12:39 - 01169144 _____ (TRENDnet) C:\Windows\system32\DVRCodecs.dll
    2014-12-14 17:33 - 2012-10-22 12:39 - 00378104 _____ (TRENDnet) C:\Windows\system32\DVRCodecsI.dll
    2014-12-14 17:33 - 2012-10-22 12:39 - 00196856 _____ (TRENDnet) C:\Windows\system32\DVRCodecsF.dll
    2014-12-14 17:33 - 2012-03-12 23:18 - 02274816 _____ () C:\Windows\system32\avcodec-dvrcodecsf-53.dll
    2014-12-14 17:33 - 2012-03-12 23:18 - 00244224 _____ () C:\Windows\system32\swscale-dvrcodecsf-2.dll
    2014-12-14 17:33 - 2012-03-12 23:18 - 00135680 _____ () C:\Windows\system32\avutil-dvrcodecsf-51.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 08527872 _____ (Intel Corporation.) C:\Windows\system32\ippiv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 08491008 _____ (Intel Corporation.) C:\Windows\system32\ippip8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 08077312 _____ (Intel Corporation.) C:\Windows\system32\ippmv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 08060928 _____ (Intel Corporation.) C:\Windows\system32\ippmp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 05509120 _____ (Intel Corporation.) C:\Windows\system32\ippmpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 05107712 _____ (Intel Corporation.) C:\Windows\system32\ippipx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 03174400 _____ (Intel Corporation.) C:\Windows\system32\ippsv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 03170304 _____ (Intel Corporation.) C:\Windows\system32\ippsp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 02093056 _____ (Intel Corporation.) C:\Windows\system32\ippscp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 02064384 _____ (Intel Corporation.) C:\Windows\system32\ippscv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01814528 _____ (Intel Corporation.) C:\Windows\system32\ippspx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01429504 _____ (Intel Corporation.) C:\Windows\system32\ippccv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01396736 _____ (Intel Corporation.) C:\Windows\system32\ippccp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01351680 _____ (Intel Corporation.) C:\Windows\system32\ippvcv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01347584 _____ (Intel Corporation.) C:\Windows\system32\ippvcp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01204224 _____ (Intel Corporation.) C:\Windows\system32\ippvmv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01204224 _____ (Intel Corporation.) C:\Windows\system32\ippvmp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01122304 _____ (Intel Corporation.) C:\Windows\system32\ippjpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 01093632 _____ (Intel Corporation.) C:\Windows\system32\ippscpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00999424 _____ (Intel Corporation.) C:\Windows\system32\ippccpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00995328 _____ (Intel Corporation.) C:\Windows\system32\ippvcpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00917504 _____ (Intel Corporation.) C:\Windows\system32\ippacv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00917504 _____ (Intel Corporation.) C:\Windows\system32\ippacp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00892928 _____ (Intel Corporation.) C:\Windows\system32\ippvmpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00892928 _____ (Intel Corporation.) C:\Windows\system32\ippjv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00892928 _____ (Intel Corporation.) C:\Windows\system32\ippjp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00798720 _____ (Intel Corporation.) C:\Windows\system32\ippacpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00516832 _____ (Microsoft Corporation) C:\Windows\system32\capicom.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00352256 _____ (Intel Corporation.) C:\Windows\system32\ippi-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00294912 _____ (Intel Corporation.) C:\Windows\system32\ippdcv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00294912 _____ (Intel Corporation) C:\Windows\system32\libguide40.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00290816 _____ (Intel Corporation.) C:\Windows\system32\ippdcp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00237568 _____ (Intel Corporation.) C:\Windows\system32\ippdcpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00233472 _____ (Intel Corporation.) C:\Windows\system32\ipps-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00221184 _____ (Intel Corporation.) C:\Windows\system32\ippchp8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00217088 _____ (Intel Corporation.) C:\Windows\system32\ippchv8-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00188416 _____ (Intel Corporation.) C:\Windows\system32\ippchpx-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00139264 _____ (Intel Corporation.) C:\Windows\system32\ippm-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00118784 _____ (Intel Corporation.) C:\Windows\system32\ippvc-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00118784 _____ (Intel Corporation.) C:\Windows\system32\ippcc-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00114688 _____ (Intel Corporation.) C:\Windows\system32\ippsc-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00098304 _____ (Intel Corporation.) C:\Windows\system32\ippvm-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00098304 _____ (Intel Corporation.) C:\Windows\system32\ippj-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00098304 _____ (Intel Corporation.) C:\Windows\system32\ippac-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00094208 _____ (Intel Corporation.) C:\Windows\system32\ippcore-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00090112 _____ (Intel Corporation.) C:\Windows\system32\ippdc-5.3.dll
    2014-12-14 17:33 - 2012-02-28 16:10 - 00086016 _____ (Intel Corporation.) C:\Windows\system32\ippch-5.3.dll
    2014-12-14 16:34 - 2014-12-14 16:57 - 00013624 _____ () C:\ProgramData\DVRServer.log
    2014-12-14 16:09 - 2014-12-14 17:35 - 00010570 _____ () C:\ProgramData\DVRServerTools.log
    2014-12-14 16:08 - 2014-12-14 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRENDnet
    2014-12-14 11:25 - 2014-12-14 22:46 - 00965990 _____ () C:\ProgramData\DVRServerMediaDevices.log
    2014-12-14 11:25 - 2014-12-14 22:41 - 01048678 _____ () C:\ProgramData\DVRServerMediaDevices_.log
    2014-12-13 21:47 - 2014-12-13 21:47 - 00000000 ____D () C:\ProgramData\DvrTemp
    2014-12-13 12:12 - 2014-12-13 12:12 - 00000336 _____ () C:\Program Files\temp995.bat
    2014-12-12 22:09 - 2014-12-12 22:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVG2015
    2014-12-12 22:08 - 2014-12-12 22:08 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2014-12-12 22:08 - 2014-12-12 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-12-12 22:07 - 2014-12-12 22:09 - 00000000 ____D () C:\ProgramData\AVG2015
    2014-12-12 22:07 - 2014-12-12 22:07 - 00000000 ___HD () C:\$AVG
    2014-12-12 22:07 - 2014-12-12 22:07 - 00000000 ____D () C:\Program Files\AVG
    2014-12-12 22:00 - 2014-12-15 09:20 - 00000000 ____D () C:\ProgramData\MFAData
    2014-12-12 22:00 - 2014-12-12 22:13 - 00000000 ____D () C:\Users\user\AppData\Local\Avg2015
    2014-12-12 22:00 - 2014-12-12 22:00 - 00000000 ____D () C:\Users\user\AppData\Local\MFAData
    2014-12-12 21:59 - 2014-12-12 21:59 - 04637504 _____ (AVG Technologies) C:\Users\user\Downloads\avg_free_stb_all_2015_5557_cnet.exe
    2014-12-12 09:31 - 2014-12-15 06:44 - 00000560 _____ () C:\Windows\setupact.log
    2014-12-12 09:31 - 2014-12-12 09:31 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-10 10:06 - 2014-12-10 10:06 - 00000000 ____D () C:\Users\user\Documents\dphone
    2014-12-10 09:04 - 2014-12-10 09:04 - 00000000 ____D () C:\Windows\system32\appraiser
    2014-12-10 08:58 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-10 08:43 - 2014-11-21 02:18 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-10 08:43 - 2014-11-21 02:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-10 08:43 - 2014-11-21 02:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-10 08:43 - 2014-11-21 02:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-10 08:43 - 2014-11-21 02:17 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-10 08:43 - 2014-11-21 02:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-10 08:43 - 2014-11-21 02:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-10 08:43 - 2014-11-21 02:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-10 08:43 - 2014-11-21 02:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-10 08:43 - 2014-11-21 01:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-10 08:43 - 2014-11-21 01:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-12-10 08:43 - 2014-11-21 00:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-12-10 08:43 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-10 08:42 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2014-12-10 08:42 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2014-12-10 08:42 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-12-10 08:42 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-12-10 08:42 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-12-10 08:42 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-12-10 08:42 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-12-10 08:42 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2014-12-10 08:42 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 08:42 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-10 08:41 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-10 08:40 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-10 08:40 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-10 08:40 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-10 08:40 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-10 08:40 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-09 20:53 - 2014-12-09 20:53 - 00001171 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk
    2014-12-09 20:53 - 2014-12-09 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
    2014-12-09 20:53 - 2014-12-09 20:53 - 00000000 ____D () C:\Program Files\Tracker Software
    2014-12-09 20:51 - 2014-12-09 20:51 - 00000000 ____D () C:\Users\user\Downloads\PDFXVwer
    2014-12-09 20:49 - 2014-12-09 20:49 - 17072512 _____ () C:\Users\user\Downloads\PDFXVwer.zip
    2014-12-08 18:45 - 2014-12-08 18:46 - 00000000 _____ () C:\Users\user\Documents\tru dri.avi
    2014-12-02 22:29 - 2014-12-02 22:32 - 00000000 ____D () C:\AdwCleaner
    2014-12-02 22:26 - 2014-12-02 22:27 - 02154496 _____ () C:\Users\user\Downloads\adwcleaner_4.103.exe
    2014-11-25 17:36 - 2014-11-25 17:37 - 00000000 ____D () C:\Users\user\Documents\Reflect
    2014-11-25 17:14 - 2014-11-25 17:14 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
    2014-11-25 17:14 - 2014-11-25 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
    2014-11-25 17:14 - 2014-11-25 17:14 - 00000000 ____D () C:\Program Files\Macrium
    2014-11-25 17:12 - 2014-11-25 17:15 - 00313378 _____ () C:\Reflect_Install.log
    2014-11-25 17:08 - 2014-11-25 17:11 - 00000000 ____D () C:\Users\user\Downloads\Macrium
    2014-11-25 17:08 - 2014-11-25 17:11 - 00000000 ____D () C:\ProgramData\Macrium
    2014-11-25 17:06 - 2014-11-25 17:06 - 02292720 _____ (Paramount Software UK Ltd) C:\Users\user\Downloads\reflectdl.exe
    2014-11-19 08:22 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-19 08:22 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-15 15:57 - 2010-01-29 02:41 - 01134427 _____ () C:\Windows\WindowsUpdate.log
    2014-12-15 14:17 - 2009-07-13 23:34 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-15 14:17 - 2009-07-13 23:34 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-15 12:55 - 2014-06-30 09:55 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-15 12:49 - 2014-07-13 22:37 - 00000000 ____D () C:\Users\user\Downloads\backups
    2014-12-15 12:34 - 2010-01-29 02:51 - 00788450 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-15 07:41 - 2014-11-04 08:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-15 06:44 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-15 06:43 - 2010-04-09 08:02 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
    2014-12-14 17:54 - 2014-05-10 12:41 - 00188579 _____ () C:\ProgramData\DVRClient.log
    2014-12-14 17:34 - 2014-05-10 12:38 - 00000000 ____D () C:\Program Files\Morgan Multimedia Motion JPEG Codec
    2014-12-13 12:13 - 2010-02-28 22:57 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-12-13 12:12 - 2010-04-14 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
    2014-12-13 12:12 - 2010-02-28 22:54 - 00000000 ____D () C:\Program Files\PDF995
    2014-12-13 12:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-12-12 12:30 - 2011-08-31 19:41 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
    2014-12-12 09:24 - 2014-11-05 07:21 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
    2014-12-12 09:24 - 2010-01-29 02:37 - 00000000 ____D () C:\Windows\Panther
    2014-12-11 07:19 - 2011-10-16 08:59 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
    2014-12-10 23:57 - 2014-06-30 09:55 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-10 23:57 - 2014-06-30 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-10 09:43 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
    2014-12-10 09:04 - 2014-04-23 06:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-10 09:04 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
    2014-12-10 08:59 - 2010-01-29 11:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-10 08:55 - 2013-07-11 17:54 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 08:46 - 2010-01-29 08:31 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-04 18:04 - 2012-11-26 18:02 - 00000000 ___RD () C:\Program Files\Skype
    2014-12-04 18:03 - 2011-08-31 19:41 - 00000000 ____D () C:\ProgramData\Skype
    2014-12-04 06:18 - 2009-07-13 23:53 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-12-01 07:17 - 2012-04-13 21:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-12-01 07:17 - 2011-11-06 06:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-11-21 06:14 - 2014-06-30 09:55 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-21 06:14 - 2014-06-30 09:55 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-21 06:14 - 2011-09-15 19:01 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-15 21:50 - 2014-05-09 22:39 - 00000000 ___RD () C:\Users\user\OneDrive

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-15 11:07




    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2014 01
    Ran by user at 2014-12-15 18:30:36
    Running from C:\Users\user\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
    Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
    AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
    AVIGenerator V1.0.0.0 (HKLM\...\AVIGenerator V1.0.0.0_is1) (Version: - DVR)
    Cain & Abel 4.9.46 (HKLM\...\Cain & Abel 4.9.46) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
    Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
    D9-Viewer 1.2.7.232 (HKLM\...\D9-Viewer) (Version: 1.2.7.232 - )
    DeductionPro 2009 (HKLM\...\{97F4D62E-5AEB-4649-BABF-4712C6EF6845}) (Version: 17.04 - HRB Technology, LLC.)
    Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
    DWG TrueView 2009 (HKLM\...\DWG TrueView 2009) (Version: 17.2.56.0 - Autodesk)
    DWG TrueView 2009 (Version: 17.2.56.0 - Autodesk) Hidden
    eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
    Elevated Installer (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
    Ettercap (Version: 0.7.4 - Ettercap Development Team) Hidden
    Ettercap-0.7.4 (HKLM\...\Ettercap 0.7.4) (Version: 0.7.4 - Ettercap Development Team)
    ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
    FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
    Garmin Express (HKLM\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
    GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
    H264 Video Codec (HKLM\...\H264) (Version: - T,DP5)
    Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
    ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
    IOGEAR Auto Printer Sharing Switch 2.0 (HKLM\...\IOGEAR Auto Printer Sharing Switch_is1) (Version: - IOGEAR, Inc.)
    iSpy (HKLM\...\{C31719FC-309E-4529-A78C-DC6FAEC12CC2}) (Version: 6.1.3 - iSpy)
    LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)
    Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.)
    Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
    Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
    Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
    magicJack (HKU\S-1-5-21-2178227108-149082570-3650749505-1002\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Expression Blend 3 SDK (HKLM\...\{0E837AF0-4C92-4077-83F0-D022073F17C0}) (Version: 1.0.1327.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
    Microsoft Expression Studio 2 (HKLM\...\ExpressionStudio_2.0.133.0) (Version: 2.0.133.0 - Microsoft Corporation)
    Microsoft Expression Studio 3 (HKLM\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
    Microsoft Expression Studio 4 (HKLM\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Web 2 (HKLM\...\XWeb) (Version: 12.0.4518.1084 - Microsoft Corporation)
    Microsoft Expression Web 3 (HKLM\...\Web_3.0.3813.0) (Version: 3.0.3813.0 - Microsoft Corporation)
    Microsoft Expression Web 3 SP1 (HKLM\...\{752E90AC-3F11-4EA3-88EA-96441047EC31}) (Version: - Microsoft Corporation)
    Microsoft Expression Web 4 (HKLM\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
    Microsoft Expression Web 4 Service Pack 2 (HKLM\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Access database engine 2007 (English) (HKLM\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2178227108-149082570-3650749505-1002\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40624.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Microsoft Streets & Trips 2010 (HKLM\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation)
    Microsoft Streets & Trips 2011 (HKLM\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.26.0201 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MiniPlayer version 1.5 (HKLM\...\{CFEFC45E-86A0-4970-B14F-C273CA021B10}_is1) (Version: 1.5 - )
    Morgan Multimedia Motion JPEG Codec 3.0.0.9 (HKLM\...\Morgan Multimedia Motion JPEG Codec_is1) (Version: 3.0.0.9 - Morgan Multimedia)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network Print Monitor for Windows (HKLM\...\Network Print Monitor) (Version: - )
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
    PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
    Playback 2.3.0.4 (HKLM\...\Playback_is1) (Version: - )
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    QS Multi DVR View (HKLM\...\{FF14C187-9EB3-41F9-862F-2620EF5E5898}_is1) (Version: - sz)
    Quicken 2007 (HKLM\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.1.27 - Intuit)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
    Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
    SecurView Pro 2.1.4 (HKLM\...\DVRServer.Application_is1) (Version: 2.1.4 - TRENDnet)
    Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
    SlimCleaner (HKLM\...\{0E202730-41DE-479B-9AE3-63EE685766C4}) (Version: 3.0.20442 - SlimWare Utilities, Inc.)
    SlingPlayer for Web (HKLM\...\{C4C16155-2677-46DE-8EC2-A978204B6829}) (Version: 2.4.063 - Sling Media)
    Splunk (HKLM\...\{B015973E-A65D-48D3-83C2-BF9723705AB1}) (Version: 108.5.24561 - Splunk, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
    Survey Link Extension (HKLM\...\{280C9F2B-45ED-493B-B406-31C1434CAF7C}) (Version: 1.0.0 - Autodesk)
    SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
    Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version: - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    USBKVM Switcher 2.27 (HKLM\...\USBKVM Switcher_is1) (Version: - )
    VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
    Viber (HKU\S-1-5-21-2178227108-149082570-3650749505-1002\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
    Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    VS 2008 CRT Package (HKLM\...\{ED79C920-2FF2-4742-AF32-B58BE68B0FA6}) (Version: 1.1.0 - Microsoft)
    WebClient (HKLM\...\WebClient) (Version: - )
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{CB8CA439-DA83-419C-A4CF-5A0A50025144}) (Version: 6.0.6783.0 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    Wireshark 1.8.6 (32-bit) (HKLM\...\Wireshark) (Version: 1.8.6 - The Wireshark developer community, http://www.wireshark.org)
    WPF Toolkit June 2009 (Version 3.5.40619.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.40619.1 - Microsoft Corporation)
    Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2178227108-149082570-3650749505-1002\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7a\axtrack.dll (AOL Inc.)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\DWG TrueView 2009\DWGVIEWRficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Program Files\DWG TrueView 2009\DWGVIEWR.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7a\axtrack.dll (AOL Inc.)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\DWG TrueView 2009\DWGVIEWR.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\user\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe No F (the data entry has 3 more characters).
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7a\axtrack.dll (AOL Inc.)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\FileSyncApi.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    15-12-2014 16:12:47 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2014-11-03 12:32 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0036FEC4-37D0-41CD-9741-0AF3CA09E353} - System32\Tasks\{D520AAEB-8738-4DD6-8611-177733682EFF} => pcalua.exe -a C:\Users\user\Desktop\T3vis.exe -d C:\Users\user\Desktop
    Task: {1CF03292-7DA3-426D-BB57-DE79DE74ECC2} - System32\Tasks\{5B827648-999A-4A67-AA49-75C3A7068065} => pcalua.exe -a C:\Users\user\Desktop\trilogyiii.exe -d C:\Users\user\Desktop
    Task: {2F999AB4-9783-434C-8925-6FA19D9635B0} - System32\Tasks\{D1D76AED-470B-4724-9ACF-055C5D153865} => pcalua.exe -a C:\Users\user\Desktop\pictureviz.exe -d C:\Users\user\Desktop
    Task: {3601BC20-1BD0-4C08-B2AD-B7EE287EEDCA} - System32\Tasks\{EB8090B3-C384-42A6-9F4F-F46C7F4F31F0} => pcalua.exe -a C:\Users\user\Desktop\dungeon.exe -d C:\Users\user\Desktop
    Task: {37D9620F-0225-43AC-B775-F96761FB1B9F} - System32\Tasks\{51F16467-F11B-402A-9E94-7471FFCC3BFC} => pcalua.exe -a C:\Users\user\Desktop\trilogyii.exe -d C:\Users\user\Desktop
    Task: {3848A168-5CFF-415A-9C25-D96016C25F60} - System32\Tasks\{8F888DD2-0C14-4769-92BA-1FDC990589DF} => pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_wua2340_drivers_150.zip\wua2340_drivers_150\setup.exe
    Task: {3FFE774F-A01B-4249-95A6-540C965D83AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
    Task: {51B79F38-BAC0-40E4-AB54-03560CF7AF54} - System32\Tasks\{19930FA1-ACF1-41CB-9506-07908DCC0957} => pcalua.exe -a E:\DRV_UVC_20100510_mirror_flip_345I342E_Default.exe -d E:\
    Task: {52FCCDB1-D408-4573-A16F-2C94DB6B48FA} - System32\Tasks\{E6171111-7F08-465E-BDDB-DC5877DD56AC} => pcalua.exe -a C:\Users\user\Desktop\MP10_EnergyBlissViz.exe -d C:\Users\user\Desktop
    Task: {57AE3D20-01A2-4DEE-AE90-4FB2C9B52F6D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {5C54B399-7F27-43A9-BA2B-B68358919E63} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {709BAA2D-D6AE-4745-A9E2-7C92F5A39A90} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {7C98F62A-EE35-4E65-B08D-D2A377EA88CB} - System32\Tasks\{C4274ED6-E428-4B71-9C59-F8268457C72E} => pcalua.exe -a C:\Users\user\Desktop\pulsingcolorsviz.exe -d C:\Users\user\Desktop
    Task: {8935F75F-FA9A-4FF4-B75C-8B74B1D0F5FE} - System32\Tasks\{363C56F6-0136-4E56-90F2-41EE5E66815E} => pcalua.exe -a C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Task: {894CABFB-095D-409F-812C-80758CAFDCB0} - System32\Tasks\{6ACFDBA4-C61E-457A-93AF-BA199C24B75C} => pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8TFTF42\t_452_us0_tab_1_5cut_hang.EXE" -d C:\Users\user\Desktop
    Task: {8C70CD50-021D-4A4E-88E9-86A983E8A0EE} - System32\Tasks\{A754535D-B2A2-4EA5-97C8-06494CA00D1E} => pcalua.exe -a F:\HijackThis.exe -d F:\
    Task: {8E3967BB-BFAD-4564-8168-B9D0AF11D8FA} - System32\Tasks\{6E8587A0-F3A6-42F3-8C5E-A10191A86818} => pcalua.exe -a C:\Users\user\Desktop\colorcubesviz.exe -d C:\Users\user\Desktop
    Task: {923F1E7B-8E7A-4188-A7CA-2D6DFA54E545} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21] ()
    Task: {AFC8C065-5A8C-4B08-B7C8-AC0763ED8934} - System32\Tasks\{2B99464D-2ED2-4FE7-8796-8CA17BB3C831} => C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe [2010-03-05] ()
    Task: {B94F76B5-708F-4F72-B549-021C6B754DEC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {BA245C37-EA92-463A-9ADC-464FE87E1480} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
    Task: {BA26F2AF-846F-4C15-96C1-8DBC9C865FD2} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
    Task: {C243FCF2-7771-4D3A-B738-60593832FCB0} - System32\Tasks\{4BFF3150-D863-4713-BF10-F8545D9014C5} => C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe [2010-03-05] ()
    Task: {C4E680BA-1325-441C-A270-64DBE7AE344D} - System32\Tasks\{B77F6105-7FE0-42EB-882D-95A584406DBA} => pcalua.exe -a "C:\Program Files\Samsung\USB Drivers\Uninstall.exe"
    Task: {CF93644F-5B86-406C-95AE-A6227E7229F0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {FB530633-6E72-4132-BA6F-F2011D4B8035} - System32\Tasks\{5F6DDD2E-B52C-42E2-A5A0-3EFE913249B3} => C:\Users\user\Desktop\epson12526.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-11-18 08:24 - 2014-07-02 14:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2010-11-26 20:51 - 2009-11-26 02:08 - 00049152 _____ () C:\Windows\System32\LXECPMON.DLL
    2010-11-26 20:51 - 2009-01-13 09:15 - 04485120 _____ () C:\Windows\System32\LXECOEM.DLL
    2011-08-12 13:31 - 2009-08-27 13:51 - 00054080 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\CRDPROC.DLL
    2012-12-28 20:14 - 2009-11-04 08:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxecdrpp.dll
    2012-01-08 08:41 - 2012-01-08 08:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2013-01-28 16:47 - 2007-07-17 16:26 - 00086016 _____ () C:\Program Files\USBKVM Switcher\kEYHOOK.dll
    2013-01-31 19:20 - 2013-01-31 19:20 - 00969496 ____R () C:\Program Files\Splunk\bin\libxml2.dll
    2013-01-31 19:20 - 2013-01-31 19:20 - 00175896 ____R () C:\Program Files\Splunk\bin\libxslt.dll
    2013-01-31 19:20 - 2013-01-31 19:20 - 00493336 ____R () C:\Program Files\Splunk\bin\archive.dll
    2013-01-31 19:21 - 2013-01-31 19:21 - 00019224 ____R () C:\Program Files\Splunk\bin\splunkweb.exe
    2013-01-31 19:21 - 2013-01-31 19:21 - 00112408 ____R () C:\Program Files\Splunk\bin\PyWinTypes27.dll
    2013-01-31 19:21 - 2013-01-31 19:21 - 00046872 ____R () C:\Program Files\Splunk\bin\servicemanager.pyd
    2013-01-31 19:21 - 2013-01-31 19:21 - 00042264 ____R () C:\Program Files\Splunk\bin\win32service.pyd
    2013-01-31 19:21 - 2013-01-31 19:21 - 00087832 ____R () C:\Program Files\Splunk\bin\win32api.pyd
    2013-01-31 19:21 - 2013-01-31 19:21 - 00013080 ____R () C:\Program Files\Splunk\bin\_win32sysloader.pyd
    2013-01-31 19:21 - 2013-01-31 19:21 - 00022808 ____R () C:\Program Files\Splunk\bin\win32event.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00059160 ____R () C:\Program Files\Splunk\bin\_socket.pyd
    2013-01-31 19:21 - 2013-01-31 19:21 - 00029464 ____R () C:\Program Files\Splunk\bin\_ssl.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00145176 ____R () C:\Program Files\Splunk\bin\_elementtree.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00141080 ____R () C:\Program Files\Splunk\bin\pyexpat.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00890648 ____R () C:\Program Files\Splunk\bin\etree.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00067864 ____R () C:\Program Files\Splunk\bin\libexslt.dll
    2013-01-31 19:20 - 2013-01-31 19:20 - 00016152 ____R () C:\Program Files\Splunk\bin\select.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00702232 ____R () C:\Program Files\Splunk\bin\unicodedata.pyd
    2013-01-31 19:21 - 2013-01-31 19:21 - 00087832 ____R () C:\Program Files\Splunk\bin\win32file.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00015128 ____R () C:\Program Files\Splunk\bin\rand.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00063256 ____R () C:\Program Files\Splunk\bin\crypto.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00050968 ____R () C:\Program Files\Splunk\bin\SSL.pyd
    2013-01-31 19:20 - 2013-01-31 19:20 - 00100120 ____R () C:\Program Files\Splunk\bin\_ctypes.pyd
    2013-12-21 20:22 - 2010-03-05 13:37 - 00867328 _____ () C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    2013-01-28 16:47 - 2008-10-02 10:24 - 00188416 _____ () C:\Program Files\USBKVM Switcher\USBKVM.exe
    2010-02-20 15:35 - 2009-10-28 10:38 - 00118784 _____ () c:\program files\common files\aol\1266698022\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll
    2013-09-07 12:20 - 2013-09-07 12:20 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7a\zlib.dll
    2013-09-07 12:19 - 2013-09-07 12:19 - 21117440 _____ () C:\Program Files\AOL Desktop 9.7a\libcef.dll
    2013-09-07 12:19 - 2013-09-07 12:19 - 00648704 _____ () C:\Program Files\AOL Desktop 9.7a\libglesv2.dll
    2013-09-07 12:19 - 2013-09-07 12:19 - 00122880 _____ () C:\Program Files\AOL Desktop 9.7a\libegl.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD
    AlternateDataStreams: C:\Users\user\Documents\Frank Deshantz transfer papers.tiff:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\user\Documents\Frank Deshantz transfer papers.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: Garmin Core Update Service => 2
    MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk => C:\Windows\pss\HP SimpleSave Monitor.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: eFax 4.4 => "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: SkyDrive => "C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2178227108-149082570-3650749505-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-2178227108-149082570-3650749505-501 - Limited - Enabled)
    user (S-1-5-21-2178227108-149082570-3650749505-1002 - Administrator - Enabled) => C:\Users\user

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/15/2014 00:49:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program HijackThis.exe version 2.0.0.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2354

    Start Time: 01d0188e9371efdd

    Termination Time: 62

    Application Path: C:\Users\user\Downloads\HijackThis.exe

    Report Id: b9318fdd-8482-11e4-8a0c-00038a000015

    Error: (12/14/2014 04:57:26 PM) (Source: SecurView Pro Server) (EventID: 5) (User: )
    Description: Error "Catastrophic failure" (0x8000ffff) in module DVRServerTools.ModuleCommunicationTcp

    Error: (12/14/2014 04:57:25 PM) (Source: SecurView Pro Server) (EventID: 5) (User: )
    Description: Error "Catastrophic failure" (0x8000ffff) in module DVRServerTools.ModuleConfiguration

    Error: (12/14/2014 04:55:52 PM) (Source: SecurView Pro Server) (EventID: 5) (User: )
    Description: Error "Catastrophic failure" (0x8000ffff) in module DVRServerTools.ModuleCommunicationTcp

    Error: (12/14/2014 04:55:51 PM) (Source: SecurView Pro Server) (EventID: 5) (User: )
    Description: Error "Catastrophic failure" (0x8000ffff) in module DVRServerTools.ModuleConfiguration

    Error: (12/14/2014 04:36:05 PM) (Source: SecurView Pro Server) (EventID: 5) (User: )
    Description: Error "Catastrophic failure" (0x8000ffff) in module DVRServerTools.ModuleCommunicationTcp

    Error: (12/14/2014 04:36:04 PM) (Source: SecurView Pro Server) (EventID: 5) (User: )
    Description: Error "Catastrophic failure" (0x8000ffff) in module DVRServerTools.ModuleConfiguration

    Error: (12/14/2014 04:34:40 PM) (Source: SecurView Pro Server) (EventID: 5) (User: )
    Description: Error "Catastrophic failure" (0x8000ffff) in module DVRServerTools.ModuleCommunicationTcp

    Error: (12/14/2014 04:34:39 PM) (Source: SecurView Pro Server) (EventID: 5) (User: )
    Description: Error "Catastrophic failure" (0x8000ffff) in module DVRServerTools.ModuleConfiguration

    Error: (12/14/2014 04:15:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program DVRClient.exe version 2.1.4.960 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 155c

    Start Time: 01d017e2fd2dbef5

    Termination Time: 96

    Application Path: C:\Program Files\TRENDnet\SecurView Pro\DVRClient.exe

    Report Id: 608dc63b-83d6-11e4-8536-00038a000015


    System errors:
    =============
    Error: (12/15/2014 06:45:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/15/2014 06:44:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The lxecCATSCustConnectService service failed to start due to the following error:
    %%1053

    Error: (12/15/2014 06:44:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService service to connect.

    Error: (12/14/2014 05:26:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/14/2014 05:25:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The lxecCATSCustConnectService service failed to start due to the following error:
    %%1053

    Error: (12/14/2014 05:25:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService service to connect.

    Error: (12/14/2014 05:25:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Garmin Core Update Service service failed to start due to the following error:
    %%1053

    Error: (12/14/2014 05:25:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

    Error: (12/14/2014 04:48:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/14/2014 04:47:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The lxecCATSCustConnectService service failed to start due to the following error:
    %%1053


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-11 23:16:11.007
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 23:16:10.168
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 23:16:09.504
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 22:58:32.182
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 22:58:31.982
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 22:58:31.774
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 22:58:28.833
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 22:58:28.632
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 22:58:28.425
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-11 22:35:54.590
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 Processor 3500+
    Percentage of memory in use: 51%
    Total physical RAM: 2558.55 MB
    Available physical RAM: 1232.3 MB
    Total Pagefile: 5115.4 MB
    Available Pagefile: 3417.39 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1903.26 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:178.99 GB) (Free:93.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (PRESARIO_RP) (Fixed) (Total:7.29 GB) (Free:0.35 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: CAB10BEE)
    Partition 1: (Active) - (Size=179 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=7.3 GB) - (Type=0C)

    ==================== End Of Log ============================

  4. #4
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello,

    Microsoft Security Essentials
    Can you uninstall that from Programs and Features?
    We don't want 2 Anti Virus programs running.

    Next

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open Notepad (Start => All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-2178227108-149082570-3650749505-1002 -> {1913A79D-26E4-4599-9AE5-B13BB10AAC05} URL = 
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
    2014-12-13 12:12 - 2014-12-13 12:12 - 00000336 _____ () C:\Program Files\temp995.bat
    AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD
    AlternateDataStreams: C:\Users\user\Documents\Frank Deshantz transfer papers.tiff:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\user\Documents\Frank Deshantz transfer papers.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    CMD: bitsadmin /reset /allusers
    Hosts:
    Emptytemp:
    reboot:
    end
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See here how to disable your security protection (Anti Virus).
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post
    1 Fixlog.txt
    2 AdwCleaner [SO].txt
    3 JRT.txt

    Thanks
    Joe

  5. #5
    Member
    Join Date
    Mar 2007
    Location
    Butler, PA
    Posts
    102
    Points
    0

    Removed Security Essentials.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Professional x86
    Ran by user on Mon 12/15/2014 at 20:18:52.38
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 12/15/2014 at 20:24:53.49
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-12-2014 01
    Ran by user at 2014-12-15 19:52:30 Run:1
    Running from C:\Users\user\Desktop
    Loaded Profile: user (Available profiles: user & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-2178227108-149082570-3650749505-1002 -> {1913A79D-26E4-4599-9AE5-B13BB10AAC05} URL =
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
    2014-12-13 12:12 - 2014-12-13 12:12 - 00000336 _____ () C:\Program Files\temp995.bat
    AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD
    AlternateDataStreams: C:\Users\user\Documents\Frank Deshantz transfer papers.tiff:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\user\Documents\Frank Deshantz transfer papers.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    CMD: bitsadmin /reset /allusers
    Hosts:
    Emptytemp:
    reboot:
    end
    *****************

    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1913A79D-26E4-4599-9AE5-B13BB10AAC05}" => Key deleted successfully.
    "HKCR\CLSID\{1913A79D-26E4-4599-9AE5-B13BB10AAC05}" => Key not found.
    C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
    rpcapd => Service deleted successfully.
    C:\Program Files\temp995.bat => Moved successfully.
    C:\ProgramData\TEMP => ":F35A93AD" ADS removed successfully.
    "C:\Users\user\Documents\Frank Deshantz transfer papers.tiff" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
    C:\Users\user\Documents\Frank Deshantz transfer papers.tiff => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to cancel {87773E39-B560-4650-AAB2-8ACA08447482}.
    Unable to cancel {EF306F56-490E-421E-9E4C-A0331EC2B45E}.
    Unable to cancel {C96B6372-285C-4C2E-AA2E-DFE0F34A7053}.
    0 out of 3 jobs canceled.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 134.8 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    # AdwCleaner v4.103 - Report created 02/12/2014 at 22:32:15
    # Updated 01/12/2014 by Xplode
    # Database : 2014-12-02.2 [Live]
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : user - COMPAQ
    # Running from : C:\Users\user\Downloads\adwcleaner_4.103.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.17148


    -\\ Mozilla Firefox v


    *************************

    AdwCleaner[R0].txt - [793 octets] - [02/12/2014 22:29:52]
    AdwCleaner[S0].txt - [717 octets] - [02/12/2014 22:32:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [776 octets] ##########

  6. #6
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

    1. Close any open browsers or any other programs that are open.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

    "information and logs"

    In your next post I need the following

    Log from Combofix

  7. #7
    Member
    Join Date
    Mar 2007
    Location
    Butler, PA
    Posts
    102
    Points
    0

    ComboFix 14-12-14.01 - user 12/15/2014 20:49:40.1.1 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2559.1370 [GMT -5:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\user\WINDOWS
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-16 to 2014-12-16 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-16 02:06 . 2014-12-16 02:06 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2014-12-16 02:06 . 2014-12-16 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-16 02:06 . 2014-12-16 02:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2014-12-16 01:14 . 2014-12-16 01:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5AC5C9C-8DD0-4DD7-9C7E-432F8F5E65BF}\offreg.dll
    2014-12-15 23:29 . 2014-12-16 00:54 -------- d-----w- C:\FRST
    2014-12-14 02:47 . 2014-12-14 02:47 -------- d-----w- c:\programdata\DvrTemp
    2014-12-13 03:09 . 2014-12-13 03:09 -------- d-----w- c:\users\user\AppData\Roaming\AVG2015
    2014-12-13 03:07 . 2014-12-13 03:09 -------- d-----w- c:\programdata\AVG2015
    2014-12-13 03:07 . 2014-12-13 03:07 -------- d-----w- C:\$AVG
    2014-12-13 03:07 . 2014-12-13 03:07 -------- d-----w- c:\program files\AVG
    2014-12-13 03:00 . 2014-12-16 00:51 -------- d-----w- c:\programdata\MFAData
    2014-12-13 03:00 . 2014-12-13 03:13 -------- d-----w- c:\users\user\AppData\Local\Avg2015
    2014-12-13 03:00 . 2014-12-13 03:00 -------- d-----w- c:\users\user\AppData\Local\MFAData
    2014-12-12 15:56 . 2014-12-12 15:57 -------- d-----w- C:\Malware programs
    2014-12-10 14:04 . 2014-12-10 14:04 -------- d-----w- c:\windows\system32\appraiser
    2014-12-10 13:58 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
    2014-12-10 13:42 . 2014-12-04 04:38 159744 ----a-w- c:\windows\system32\aepic.dll
    2014-12-10 13:42 . 2014-12-04 04:34 873984 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-10 13:42 . 2014-12-01 23:28 1160872 ----a-w- c:\windows\system32\aitstatic.exe
    2014-12-10 13:42 . 2014-12-04 04:38 610304 ----a-w- c:\windows\system32\invagent.dll
    2014-12-10 13:42 . 2014-12-04 04:38 337920 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-10 13:42 . 2014-12-04 04:38 315392 ----a-w- c:\windows\system32\devinv.dll
    2014-12-10 13:42 . 2014-12-04 04:38 202752 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-10 13:42 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-12-10 13:42 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
    2014-12-10 13:41 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
    2014-12-10 13:40 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2014-12-10 13:40 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2014-12-10 13:40 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
    2014-12-10 13:40 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
    2014-12-10 13:40 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2014-12-10 01:53 . 2014-12-10 01:53 -------- d-----w- c:\program files\Tracker Software
    2014-12-03 03:29 . 2014-12-16 01:07 -------- d-----w- C:\AdwCleaner
    2014-11-25 22:14 . 2014-11-25 22:14 -------- d-----w- c:\program files\Macrium
    2014-11-25 22:08 . 2014-11-25 22:11 -------- d-----w- c:\programdata\Macrium
    2014-11-19 13:22 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-19 13:22 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-18 19:56 . 2014-11-18 19:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-16 01:44 . 2014-06-30 14:55 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-01 12:17 . 2012-04-14 02:46 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-01 12:17 . 2011-11-06 11:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-21 11:14 . 2014-06-30 14:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-21 11:14 . 2014-06-30 14:55 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-21 11:14 . 2011-09-16 00:01 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-03 16:17 . 2014-11-03 16:17 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-30 15:44 . 2014-10-30 15:44 152952 ----a-w- c:\windows\system32\drivers\psmounterex.sys
    2014-10-30 11:24 . 2010-01-29 05:03 229000 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-30 02:34 . 2014-10-30 02:34 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2014-10-25 01:32 . 2014-11-12 11:49 67584 ----a-w- c:\windows\system32\packager.dll
    2014-10-18 01:33 . 2014-11-12 11:49 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-14 01:56 . 2014-11-12 11:47 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 01:50 . 2014-11-12 11:47 523776 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 01:50 . 2014-11-12 11:50 2363904 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 01:50 . 2014-11-12 11:47 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 01:47 . 2014-11-12 11:47 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 01:46 . 2014-11-12 11:47 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-10 19:13 . 2014-10-10 19:13 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-10-10 00:45 . 2014-11-12 11:49 2379264 ----a-w- c:\windows\system32\win32k.sys
    2014-10-06 01:42 . 2014-10-06 01:42 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2014-10-03 01:44 . 2014-11-12 11:51 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-10-03 01:44 . 2014-11-12 11:51 275968 ----a-w- c:\windows\system32\EncDump.dll
    2014-10-03 01:44 . 2014-11-12 11:51 475136 ----a-w- c:\windows\system32\audiosrv.dll
    2014-10-03 01:44 . 2014-11-12 11:51 374784 ----a-w- c:\windows\system32\AudioEng.dll
    2014-10-03 01:44 . 2014-11-12 11:51 195584 ----a-w- c:\windows\system32\AudioSes.dll
    2014-09-25 01:40 . 2014-10-01 10:55 519680 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-19 09:23 . 2014-11-12 11:50 172032 ----a-w- c:\windows\system32\wdigest.dll
    2014-09-19 09:23 . 2014-11-12 11:50 65536 ----a-w- c:\windows\system32\TSpkg.dll
    2014-09-19 09:23 . 2014-11-12 11:50 248832 ----a-w- c:\windows\system32\schannel.dll
    2014-09-19 09:23 . 2014-11-12 11:50 221184 ----a-w- c:\windows\system32\ncrypt.dll
    2014-09-19 09:23 . 2014-11-12 11:50 259584 ----a-w- c:\windows\system32\msv1_0.dll
    2014-09-19 09:23 . 2014-11-12 11:50 17408 ----a-w- c:\windows\system32\credssp.dll
    2014-08-11 16:42 . 2014-08-11 16:42 15000576 ----a-w- c:\program files\Common Files\lpuninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-08-07 20:23 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-08-07 20:23 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-08-07 20:23 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-10-21 688984]
    "cdloader"="c:\users\user\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-24 6697752]
    "AOL Fast Start"="c:\program files\AOL Desktop 9.7a\AOL.EXE" [2013-09-07 72760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "IOGEAR Auto Printer Sharing Switch"="c:\program files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe" [2010-03-05 867328]
    "AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-10 3653136]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-8-11 15000576]
    USBKVM Switcher.lnk - c:\program files\USBKVM Switcher\USBKVM.exe [2013-1-28 188416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk]
    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
    backup=c:\windows\pss\HP SimpleSave Monitor.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
    2012-08-29 18:01 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
    2014-08-07 20:23 251040 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    .
    R2 BackupService;BackupService;c:\users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2013-02-21 67104]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [2010-04-14 193192]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
    R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2008-08-07 905728]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-03-19 65232]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 splunkdrv-win6;Splunk Trace Kernel Mode Driver;c:\windows\system32\DRIVERS\splunkdrv-win6.sys [2013-02-01 31096]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1343400]
    R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-10-21 451416]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-19 147736]
    S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-19 27416]
    S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2014-07-21 13528]
    S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-19 121624]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-30 213784]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-19 21272]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-29 192792]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-11-10 3488784]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-11-10 298080]
    S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 598696]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
    S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2014-07-21 2462160]
    S2 Splunkd;Splunkd;c:\program files\Splunk\bin\splunkd.exe service [x]
    S2 Splunkweb;Splunkweb;c:\program files\Splunk\bin\splunkweb.exe [2013-02-01 19224]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-28 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-28 21:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: LastPass - file://c:\users\user\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\users\user\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    ------- File Associations -------
    .
    .scr=DWGTrueViewScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\VirtualStore\MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Favorite Movies]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-2178227108-149082570-3650749505-1002_Classes\VirtualStore\MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Recent Movies]
    @DACL=(02 0000)
    "Deep.Inside.Tawny.Roberts.2004(pornorip.net).avi"="2,c:\\Users\\user\\Documents\\Downloads\\Deep.Inside.Tawny.Roberts.2004(www.pornorip.net)\\Deep.Inside.Tawny.Roberts.2004(pornorip.net).avi"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-12-15 21:09:50
    ComboFix-quarantined-files.txt 2014-12-16 02:09
    .
    Pre-Run: 100,663,848,960 bytes free
    Post-Run: 100,357,750,784 bytes free
    .
    - - End Of File - - B3D0400BE2996B0E836AB9352FCD0365
    A36C5E4F47E84449FF07ED3517B43A31

  8. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello Larry,

    I don't see any malware-related issues. What issues still remain with the computer?

    Joe

  9. #9
    Member
    Join Date
    Mar 2007
    Location
    Butler, PA
    Posts
    102
    Points
    0

    Hi Joe,

    I have not been using it while we are working on it, so I don't know of any issues other than one. This last time I got on, there was a message I have not seen before: "You are about to leave a secure connection. It is possible for others to view information you send..." Is this of any concern?

    Was there anything noteworthy that we removed?

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    "Was there anything noteworthy that we removed?"
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    That was a restriction on Internet Explorer, so that's noteworthy.

    The rest was a basic clean up, but those basic clean ups can do wonders.

    "You are about to leave a secure connection."
    Most of the time it's an informational message that you can safely ignore.

    See Here

    Let the computer run for a day, I'll leave the thread open.

    Let me know, because we still need to remove the tools we used.

    Joe
