
AppSave Ads Adware

Discussion in 'Virus & Other Malware Removal' started by BG08, Apr 10, 2015.

Thread Status:
Not open for further replies.
  1. BG08

    BG08 Thread Starter

    Joined:
    Mar 4, 2008
    Messages:
    19
    Not sure how this got on my system, but it makes use of Google Chrome impossible. BHO takes over everything. Puts links on all keywords and displays Ads by AppSave. Redirects user to call a tech site because computer is infected; the only way to close windows is through Task Manager. Local IT in my company ran latest updates of Malwarebytes and Super Anti Spyware. Found some objects, quarantined them, but problem still exists. Local IT is no more help, wants to format hard drive. Thanks for your help.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
    Processor: Intel(R) Core (TM)2 Quad CPU Q9400 @ 2.66GHz, x64 Family 6 Model 23 Stepping 10
    Processor Count: 4
    RAM: 3709 Mb
    Graphics Card: NVIDIA Quadro NVS 420, 256 Mb
    Hard Drives: C: Total - 237626 MB, Free - 97833 MB;
    Motherboard: Dell Inc., 0F428D
    Antivirus: Trend Micro OfficeScan Antivirus, Updated: Yes, On-Demand Scanner: Enabled
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi BG08,
    -------------------------------------------------------------
    Run Junkware Removal Tool
    Please download Junkware Removal Tool to your desktop.
    • Shut down/disable your antivirus now to avoid potential conflicts. Usually you can do this by right clicking the Antivirus icon in the System Tray (lower right corner of screen).
    • Run the tool by double-clicking it. If you are using Vista, Win7, or Win8, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient, as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next reply.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop: FRST.txt and Addition.txt.
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST.exe.
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. BG08

    BG08 Thread Starter

    While waiting for a response, I was able to run ADW Cleaner and Avast Browser Cleanup. This seemed to take care of the problem. However, when I saw your response, I ran the two tools that you mentioned. The text files are below.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.3 (04.07.2015:1)
    OS: Windows 7 Professional x86
    Ran by OMBLG on Mon 04/13/2015 at 7:40:19.08
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\flexnet"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 04/13/2015 at 7:42:04.42
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
    Ran by OMBLG (administrator) on OMJHM-3GC6BP1 on 13-04-2015 07:43:38
    Running from C:\Users\omblg\Downloads
    Loaded Profiles: OMBLG (Available profiles: OXBBKP & OMJKE & OMBLG & OMTJH & OMJHM & OMDAS & OMSDW & WPMDK & COCRP & WPJEM & Administrator)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    (DameWare Development LLC) C:\Windows\System32\DWRCS.EXE
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (DameWare Development) C:\Windows\System32\DWRCST.EXE
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\lms.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [702072 2007-05-07] (Trend Micro Inc.)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
    HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
    HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\system32\DWRCST.exe [78848 2009-02-04] (DameWare Development)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist Corporate\1055\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-01-15] (SlySoft, Inc.)
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4617600 2012-01-20] (SUPERAntiSpyware.com)
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\MountPoints2: E - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\MountPoints2: {235d9465-bdc2-11e4-b72e-bc305bd13ea7} - E:\LaunchU3.exe -a
    Startup: C:\Users\omblg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizer.lnk
    ShortcutTarget: SuperOptimizer.lnk -> C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}\SuperOptimizer.exe (Super PC Tools Ltd)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
    SearchScopes: HKLM -> {E35F80B1-62BC-4064-A7AE-E6F8F8F8C32B} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2090123917-190833012-3475663718-1662 -> {E35F80B1-62BC-4064-A7AE-E6F8F8F8C32B} URL =
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-27] (Sun Microsystems, Inc.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-27] (Sun Microsystems, Inc.)
    BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://boctmc.oxbow.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://boctmc.oxbow.com:4343/officescan/console/html/ClientInstall/setup.cab
    DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://boctmc.oxbow.com:4343/officescan/console/html/root/AtxEnc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc1.cab
    Handler: WSIEChrome - No CLSID Value - []
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Tcpip\Parameters: [DhcpNameServer] 10.253.68.30 10.5.2.39

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll [2012-04-27] (Sun Microsystems, Inc.)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-04-27] (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2090123917-190833012-3475663718-1662: @citrixonline.com/appdetectorplugin -> C:\Users\omblg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-13] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Users\omblg\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-12-10] (Cisco WebEx LLC)
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
    CHR Extension: (Google Drive) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
    CHR Extension: (YouTube) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
    CHR Extension: (Google Search) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-10]
    CHR Extension: (Google Wallet) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
    CHR Extension: (Gmail) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
    CHR HKLM\...\Chrome\Extension: [nedmkhahhppfofnniinaggmabnngddjk] - C:\Program Files\LinkiDoo\nedmkhahhppfofnniinaggmabnngddjk.crx [Not Found]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
    R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
    R2 DWMRCS; C:\Windows\SYSTEM32\DWRCS.EXE [234496 2009-02-04] (DameWare Development LLC) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-04-12] (Flexera Software, Inc.)
    S3 GoToAssist; C:\Program Files\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2014-11-13] (Citrix Online, a division of Citrix Systems, Inc.)
    S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
    S2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [771704 2007-05-07] (Trend Micro Inc.)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
    S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
    S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
    S2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [796280 2007-05-07] (Trend Micro Inc.)
    S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
    R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
    R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
    R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [205328 2008-05-02] (Trend Micro Inc.)
    R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36368 2008-05-02] (Trend Micro Inc.)
    S2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1169240 2008-05-02] (Trend Micro Inc.)
    S4 LMIRfsClientNP; No ImagePath
    S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 07:43 - 2015-04-13 07:44 - 00018535 _____ () C:\Users\omblg\Downloads\FRST.txt
    2015-04-13 07:43 - 2015-04-13 07:43 - 01135616 _____ (Farbar) C:\Users\omblg\Downloads\FRST.exe
    2015-04-13 07:43 - 2015-04-13 07:43 - 00000000 ____D () C:\FRST
    2015-04-13 07:42 - 2015-04-13 07:42 - 00000820 _____ () C:\Users\omblg\Desktop\JRT.txt
    2015-04-13 07:40 - 2015-04-13 07:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OMJHM-3GC6BP1-Windows-7-Professional-(32-bit).dat
    2015-04-13 07:40 - 2015-04-13 07:40 - 00000000 ____D () C:\RegBackup
    2015-04-13 07:34 - 2015-04-13 07:34 - 02686959 _____ (Thisisu) C:\Users\omblg\Downloads\JRT.exe
    2015-04-10 13:57 - 2015-04-10 13:57 - 00509440 _____ (Tech Support Guy System) C:\Users\omblg\Downloads\SysInfo.exe
    2015-04-10 13:05 - 2015-04-10 13:05 - 00000000 ____D () C:\ProgramData\New folder
    2015-04-10 10:02 - 2015-04-13 06:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-10 10:02 - 2015-04-10 10:02 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-10 10:02 - 2015-04-10 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-10 10:02 - 2015-04-10 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-04-10 10:02 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-04-10 10:02 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-04-10 09:59 - 2015-04-10 10:02 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Malwarebytes
    2015-04-10 09:59 - 2015-04-10 09:59 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\SUPERAntiSpyware.com
    2015-04-10 09:58 - 2015-04-10 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2015-04-10 09:58 - 2015-04-10 09:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-04-10 09:58 - 2015-04-10 09:58 - 00001963 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-04-10 09:58 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-04-10 07:36 - 2015-04-10 12:44 - 00000020 _____ () C:\Users\omblg\AppData\Roaming\appdataFr3.bin
    2015-04-09 03:38 - 2015-04-09 03:38 - 00000000 ____D () C:\Program Files\TransferBigFilescom Gmail Extension
    2015-04-04 03:00 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-03-31 08:03 - 2015-03-31 08:04 - 05761024 _____ () C:\Users\omblg\Downloads\SafetyTargetFall Protection2008.ppt
    2015-03-31 07:57 - 2015-03-31 07:57 - 00000291 _____ () C:\Users\omblg\Downloads\fallprotect.wvx
    2015-03-31 07:54 - 2015-03-31 07:54 - 00000266 _____ () C:\Users\omblg\Downloads\tieoff.wvx
    2015-03-27 09:04 - 2015-03-27 09:04 - 01126489 _____ () C:\Users\omblg\Documents\Map 5 TCC.bak
    2015-03-27 07:46 - 2015-03-27 09:58 - 01181016 _____ () C:\Users\omblg\Documents\Map 5 TCC.dwg
    2015-03-25 00:06 - 2015-03-10 21:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-03-25 00:06 - 2015-03-10 21:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-03-25 00:06 - 2015-03-10 21:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-03-24 11:56 - 2015-03-24 11:56 - 00009489 _____ () C:\Users\omblg\Downloads\Schedule43231-ALLCLUBHOMEExport.xls
    2015-03-20 13:35 - 2015-03-20 13:35 - 00026788 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (4).xls
    2015-03-20 08:17 - 2015-03-20 08:17 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Serif
    2015-03-20 08:09 - 2015-03-20 08:09 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PhotoPlus Starter Edition.lnk
    2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
    2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\Program Files\Serif
    2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
    2015-03-20 08:05 - 2015-03-20 08:05 - 118250544 _____ (Serif (Europe) Ltd., [email protected]) C:\Users\omblg\Downloads\ESDPK-HLX5-PhotoPlusSE_Downloader_Setup-EN-irnsrc3.exe
    2015-03-20 08:05 - 2015-03-20 08:05 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\0S1P1C1L1O
    2015-03-20 07:59 - 2015-03-20 08:16 - 00000000 ____D () C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}
    2015-03-20 07:57 - 2015-03-20 07:58 - 00842296 _____ ( ) C:\Users\omblg\Downloads\HLX5-PhotoPlus-SE-Installer-EN.exe
    2015-03-19 11:22 - 2015-03-19 11:22 - 00026752 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (3).xls
    2015-03-17 15:36 - 2015-03-17 15:36 - 00026066 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (2).xls
    2015-03-17 09:24 - 2015-03-17 09:24 - 00025887 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (1).xls
    2015-03-16 10:43 - 2015-03-16 10:43 - 00025887 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport.xls

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 07:19 - 2014-01-07 09:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-13 07:17 - 2009-07-13 22:55 - 02045268 _____ () C:\Windows\WindowsUpdate.log
    2015-04-13 05:56 - 2011-02-01 14:51 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-04-13 04:53 - 2013-01-28 13:10 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-04-13 00:19 - 2014-01-07 09:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-12 11:01 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-12 11:01 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-10 14:40 - 2011-01-25 17:50 - 00797150 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-10 14:37 - 2015-01-21 12:16 - 00000125 ___SH () C:\ProgramData\.zreglib
    2015-04-10 14:36 - 2014-11-13 11:30 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-04-10 14:36 - 2014-11-13 11:30 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-04-10 14:35 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-10 14:35 - 2009-07-13 22:39 - 00046618 _____ () C:\Windows\setupact.log
    2015-04-10 14:34 - 2012-09-22 03:18 - 00009506 _____ () C:\Windows\TMFilter.log
    2015-04-10 13:11 - 2011-01-25 19:40 - 00215384 _____ () C:\Windows\PFRO.log
    2015-04-10 12:59 - 2014-11-13 11:31 - 00000000 ____D () C:\Users\omblg\AppData\Local\LogMeInIgnition
    2015-04-10 11:54 - 2014-06-11 09:53 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Real
    2015-04-10 11:54 - 2014-01-07 09:32 - 00000000 ____D () C:\ProgramData\Real
    2015-04-10 09:58 - 2012-08-30 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-10 09:47 - 2013-01-28 13:10 - 00000000 ____D () C:\Program Files\LogMeIn
    2015-04-06 13:46 - 2014-11-11 09:50 - 00000000 ____D () C:\Users\omblg\Documents\Personal
    2015-04-03 10:20 - 2014-01-07 09:37 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-02 15:51 - 2014-12-18 16:58 - 00000931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-04-02 15:51 - 2014-12-18 16:58 - 00000919 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-04-02 15:51 - 2014-12-18 16:58 - 00000000 ____D () C:\Program Files\TeamViewer
    2015-03-30 18:41 - 2012-05-01 08:50 - 00010932 __RSH () C:\Users\omblg\ntuser.pol
    2015-03-30 18:41 - 2012-05-01 08:50 - 00000000 ____D () C:\Users\omblg
    2015-03-28 03:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-03-28 03:24 - 2014-11-11 10:18 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\TeamViewer
    2015-03-27 09:59 - 2014-11-11 09:41 - 00001589 _____ () C:\Users\omblg\Documents\plot.log
    2015-03-25 03:15 - 2014-12-11 04:35 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-03-25 03:15 - 2014-09-02 13:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-03-24 13:01 - 2015-03-02 10:48 - 00000000 ____D () C:\Users\omblg\AppData\Local\WinZip

    ==================== Files in the root of some directories =======

    2015-04-10 07:36 - 2015-04-10 12:44 - 0000020 _____ () C:\Users\omblg\AppData\Roaming\appdataFr3.bin
    2015-01-21 12:16 - 2015-04-10 14:37 - 0000125 ___SH () C:\ProgramData\.zreglib
    2012-04-12 10:09 - 2012-04-12 10:09 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    ZeroAccess:
    C:\Windows\Installer\{36e98b7d-841b-f0c5-0ecb-4d9390dd1f73}

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-2090123917-190833012-3475663718-1672\$36e98b7d841bf0c50ecb4d9390dd1f73

    ZeroAccess:
    C:\Users\omjhm\AppData\Local\{36e98b7d-841b-f0c5-0ecb-4d9390dd1f73}

    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\MSN8CB6.exe
    C:\Users\omblg\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
    C:\Users\omblg\AppData\Local\Temp\Quarantine.exe
    C:\Users\omblg\AppData\Local\Temp\sqlite3.dll
    C:\Users\omblg\AppData\Local\Temp\supoptsetup.exe
    C:\Users\omjhm\AppData\Local\Temp\2jfuweif.exe
    C:\Users\omjhm\AppData\Local\Temp\AcDeltree.exe
    C:\Users\omjhm\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\omjhm\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
    C:\Users\omjhm\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
    C:\Users\omjhm\AppData\Local\Temp\lowproc.exe
    C:\Users\omjhm\AppData\Local\Temp\nss1723.tmp.tbProd.dll
    C:\Users\omjhm\AppData\Local\Temp\SearchWithGoogleUpdate.exe
    C:\Users\omjhm\AppData\Local\Temp\setup.exe
    C:\Users\omjhm\AppData\Local\Temp\stubhelper.dll
    C:\Users\omjke\AppData\Local\Temp\FNP_ACT_InstallerCA.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2015-04-04 00:10

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2015
    Ran by OMBLG at 2015-04-13 07:44:19
    Running from C:\Users\omblg\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
    AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 13.1.1 - Hewlett-Packard) Hidden
    Adobe Acrobat 9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
    AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.7.0 - SlySoft)
    AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
    AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
    AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
    Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
    Autodesk Content Service (Version: 3.0.84.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (Version: 3.0.84.0 - Autodesk) Hidden
    Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
    Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
    BioAPI Framework (HKLM\...\{AF7E4468-E364-4991-BC2A-6E8293E1055B}) (Version: 1.0.1 - Dell Inc.)
    Brother's Keeper 6.6 (HKLM\...\Brother's Keeper 6.6) (Version: - )
    Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
    Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
    CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
    CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
    Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
    DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
    FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
    Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
    Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 11.1.0.1055 - Citrix Online, a division of Citrix Systems, Inc.)
    Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)
    Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
    Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
    Java(TM) 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
    LogMeIn (HKLM\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
    MacX DVD Ripper Pro For Windows 7.6.4 (HKLM\...\MacX DVD Ripper Pro For Windows_is1) (Version: - Digiarty Software, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.00 - NVIDIA Corporation)
    Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
    PhotoPlus Starter Edition Packages (HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\PhotoPlus Starter Edition Packages) (Version: - ) <==== ATTENTION
    PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
    Serif PhotoPlus Starter Edition 3 (HKLM\...\{5DF61899-B4D4-4CD5-9F3D-78ADBBF7DC2A}) (Version: 3.0.0.008 - Serif (Europe) Ltd)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
    TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
    Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: - )
    UPEK TouchChip Fingerprint Reader (HKLM\...\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}) (Version: 1.2.0 - Dell Inc.)
    WebEx (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinX DVD Ripper 5.6.0 (HKLM\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2090123917-190833012-3475663718-1662_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2090123917-190833012-3475663718-1662_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2090123917-190833012-3475663718-1662_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)

    ==================== Restore Points =========================

    20-03-2015 08:07:44 Installed Serif PhotoPlus Starter Edition 3
    24-03-2015 02:49:33 Windows Update
    25-03-2015 03:00:12 Windows Update
    28-03-2015 03:00:15 Windows Update
    03-04-2015 02:21:23 Windows Update
    04-04-2015 03:00:14 Windows Update
    10-04-2015 02:21:24 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {008054AE-2332-44E0-BE3D-744397CC4B5D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2090123917-190833012-3475663718-1672 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {1CEE4AD7-8D30-4CBD-8369-9B3935C3D895} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {43265A3B-0499-4C9D-8E7C-1FD181FF329E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2090123917-190833012-3475663718-1672 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {5E120666-5FC4-4301-8DCF-20DCD0C8CD83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
    Task: {941965E3-99E4-4802-8484-9F8491FEB683} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {A51F6398-EA19-40C8-9395-B7E2FDE9E4D6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {EF6DD827-A1D8-4ED2-9CCE-C8C2D0934E20} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {F753EA49-C9D6-4067-8DE0-DE6838BD44EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
    Task: {FBE29A8D-9157-4F2B-B5F1-B0CFA497D7E8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    2015-04-03 10:20 - 2015-03-30 15:07 - 01174856 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
    2015-04-03 10:20 - 2015-03-30 15:07 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\libegl.dll
    2015-04-03 10:20 - 2015-03-30 15:07 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Control Panel\Desktop\\Wallpaper -> C:\Users\omblg\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 10.253.68.30 - 10.5.2.39

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    MSCONFIG\startupreg: DameWare MRC Agent => C:\Windows\system32\DWRCST.exe
    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    MSCONFIG\startupreg: picon => "C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe" -startup
    MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-319076873-3345597711-2242175296-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-319076873-3345597711-2242175296-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
    Percentage of memory in use: 39%
    Total physical RAM: 3709.59 MB
    Available physical RAM: 2247.82 MB
    Total Pagefile: 7417.48 MB
    Available Pagefile: 5798.2 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1891.57 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:232.06 GB) (Free:94.63 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.8 GB) (Disk ID: 77E3ED41)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    BG08,
    ------------------------------------------------
    Remove A Program Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click this Entry, if it exists, choose Uninstall, and give permission to Continue:

    Java(TM) 6 Update 32

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ------------------------------------------------------------
    You may want to read here before you decide whether to keep Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

    If You Decide to Keep it, Download and Install the latest version of Java Runtime Environment from here:
    http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html, and install it to your computer.
    If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
    Check the button to agree to the license.
    Select the link for your Platform, jre-8u40-windows-i586.exe for 32-bit, and click it.
    Download it, choose Save, and save it to your desktop.
    Then double-click it on your desktop, and it will install the newest version of Java for you to use.

    During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
    When it finishes, you can remove the Installer from your desktop.
    (I don't have any Java on my system).
    --------------------------------------------------------
    Download and Install the newest version of Adobe Reader for reading pdf files
    There are security vulnerabilities in earlier versions of both Reader and Acrobat Pro. All versions numbered lower than 11.0.10 are vulnerable.
    Go HERE to download the Installer AdbeRdr11008_en_US.exe.
    Save the file to your desktop and run it to install the latest version of Adobe Reader.
    Always be careful to UNCHECK any offer for toolbars, helpers or other "partner" Free programs
    After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
    Click on Edit and select Preferences.
    On the Left, click on the JavaScript category and Uncheck Enable Acrobat JavaScript.
    Click on the Security (Enhanced) category
    Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.
    Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    Click the OK button
    When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
    When it finishes, you can remove the Installer from your desktop.
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST.exe on your desktop to launch it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents in your next reply.
    This machine kinda looks like a work machine. Any comments about that?
    askey127
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Attached FixList is here
     


  6. BG08

    BG08 Thread Starter

    Joined:
    Mar 4, 2008
    Messages:
    19
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-04-2015
    Ran by OMBLG at 2015-04-13 10:54:04 Run:1
    Running from C:\Users\omblg\Desktop
    Loaded Profiles: OMBLG (Available profiles: OXBBKP & OMJKE & OMBLG & OMTJH & OMJHM & OMDAS & OMSDW & WPMDK & COCRP & WPJEM & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
    HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    C:\Program Files\Common Files\Wondershare

    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DelaypluginInstall => value deleted successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

    "C:\Program Files\Common Files\Wondershare" directory move:

    Could not move "C:\Program Files\Common Files\Wondershare" directory. => Scheduled to move on reboot.


    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-13 10:57:27)<=

    C:\Program Files\Common Files\Wondershare => Is moved successfully.

    ==== End of Fixlog 10:57:27 ====

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
    Ran by OMBLG (administrator) on OMJHM-3GC6BP1 on 13-04-2015 11:00:19
    Running from C:\Users\omblg\Desktop
    Loaded Profiles: OMBLG (Available profiles: OXBBKP & OMJKE & OMBLG & OMTJH & OMJHM & OMDAS & OMSDW & WPMDK & COCRP & WPJEM & Administrator)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    (DameWare Development LLC) C:\Windows\System32\DWRCS.EXE
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    (Trend Micro Inc.) C:\Windows\Temp\PT4E7.EXE
    (DameWare Development) C:\Windows\System32\DWRCST.EXE
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Super PC Tools Ltd) C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}\SuperOptimizer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\lms.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
    (Farbar) C:\Users\omblg\Desktop\FRST (1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [702072 2007-05-07] (Trend Micro Inc.)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\system32\DWRCST.exe [78848 2009-02-04] (DameWare Development)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist Corporate\1055\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-01-15] (SlySoft, Inc.)
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4617600 2012-01-20] (SUPERAntiSpyware.com)
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\MountPoints2: E - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\MountPoints2: {235d9465-bdc2-11e4-b72e-bc305bd13ea7} - E:\LaunchU3.exe -a
    Startup: C:\Users\omblg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizer.lnk
    ShortcutTarget: SuperOptimizer.lnk -> C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}\SuperOptimizer.exe (Super PC Tools Ltd)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
    HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
    SearchScopes: HKLM -> {E35F80B1-62BC-4064-A7AE-E6F8F8F8C32B} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2090123917-190833012-3475663718-1662 -> {E35F80B1-62BC-4064-A7AE-E6F8F8F8C32B} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://boctmc.oxbow.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://boctmc.oxbow.com:4343/officescan/console/html/ClientInstall/setup.cab
    DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://boctmc.oxbow.com:4343/officescan/console/html/root/AtxEnc.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc1.cab
    Handler: WSIEChrome - No CLSID Value - []
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Tcpip\Parameters: [DhcpNameServer] 10.253.68.30 10.5.2.39

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll [2012-04-27] (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2090123917-190833012-3475663718-1662: @citrixonline.com/appdetectorplugin -> C:\Users\omblg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-13] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Users\omblg\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-12-10] (Cisco WebEx LLC)
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
    CHR Extension: (Google Drive) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
    CHR Extension: (YouTube) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
    CHR Extension: (Google Search) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-10]
    CHR Extension: (Google Wallet) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
    CHR Extension: (Gmail) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
    CHR HKLM\...\Chrome\Extension: [nedmkhahhppfofnniinaggmabnngddjk] - C:\Program Files\LinkiDoo\nedmkhahhppfofnniinaggmabnngddjk.crx [Not Found]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
    R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
    R2 DWMRCS; C:\Windows\SYSTEM32\DWRCS.EXE [234496 2009-02-04] (DameWare Development LLC) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-04-12] (Flexera Software, Inc.)
    S3 GoToAssist; C:\Program Files\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2014-11-13] (Citrix Online, a division of Citrix Systems, Inc.)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
    R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [771704 2007-05-07] (Trend Micro Inc.)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
    S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
    S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
    R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [796280 2007-05-07] (Trend Micro Inc.)
    R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
    R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
    R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
    R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-13] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [205328 2008-05-02] (Trend Micro Inc.)
    R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36368 2008-05-02] (Trend Micro Inc.)
    R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1169240 2008-05-02] (Trend Micro Inc.)
    S4 LMIRfsClientNP; No ImagePath
    S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 10:48 - 2015-04-13 10:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-04-13 10:48 - 2015-04-13 10:48 - 00001991 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2015-04-13 10:21 - 2015-04-13 10:21 - 01135616 _____ (Farbar) C:\Users\omblg\Desktop\FRST (1).exe
    2015-04-13 08:32 - 2015-04-13 08:32 - 00000000 ____D () C:\ProgramData\FLEXnet
    2015-04-13 08:28 - 2015-04-13 08:28 - 00907848 _____ () C:\Users\omblg\Downloads\players.xls
    2015-04-13 07:45 - 2015-04-13 11:00 - 00018944 _____ () C:\Users\omblg\Desktop\FRST.txt
    2015-04-13 07:45 - 2015-04-13 07:45 - 00022152 _____ () C:\Users\omblg\Desktop\Addition.txt
    2015-04-13 07:44 - 2015-04-13 07:44 - 00022152 _____ () C:\Users\omblg\Downloads\Addition.txt
    2015-04-13 07:43 - 2015-04-13 11:00 - 00000000 ____D () C:\FRST
    2015-04-13 07:43 - 2015-04-13 07:44 - 00030322 _____ () C:\Users\omblg\Downloads\FRST.txt
    2015-04-13 07:43 - 2015-04-13 07:43 - 01135616 _____ (Farbar) C:\Users\omblg\Downloads\FRST.exe
    2015-04-13 07:42 - 2015-04-13 07:42 - 00000820 _____ () C:\Users\omblg\Desktop\JRT.txt
    2015-04-13 07:40 - 2015-04-13 07:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OMJHM-3GC6BP1-Windows-7-Professional-(32-bit).dat
    2015-04-13 07:40 - 2015-04-13 07:40 - 00000000 ____D () C:\RegBackup
    2015-04-13 07:34 - 2015-04-13 07:34 - 02686959 _____ (Thisisu) C:\Users\omblg\Downloads\JRT.exe
    2015-04-10 13:57 - 2015-04-10 13:57 - 00509440 _____ (Tech Support Guy System) C:\Users\omblg\Downloads\SysInfo.exe
    2015-04-10 13:05 - 2015-04-10 13:05 - 00000000 ____D () C:\ProgramData\New folder
    2015-04-10 10:02 - 2015-04-13 10:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-10 10:02 - 2015-04-10 10:02 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-10 10:02 - 2015-04-10 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-10 10:02 - 2015-04-10 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-04-10 10:02 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-04-10 10:02 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-04-10 09:59 - 2015-04-10 10:02 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Malwarebytes
    2015-04-10 09:59 - 2015-04-10 09:59 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\SUPERAntiSpyware.com
    2015-04-10 09:58 - 2015-04-10 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2015-04-10 09:58 - 2015-04-10 09:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-04-10 09:58 - 2015-04-10 09:58 - 00001963 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-04-10 09:58 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-04-10 07:36 - 2015-04-10 12:44 - 00000020 _____ () C:\Users\omblg\AppData\Roaming\appdataFr3.bin
    2015-04-09 03:38 - 2015-04-09 03:38 - 00000000 ____D () C:\Program Files\TransferBigFilescom Gmail Extension
    2015-04-04 03:00 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-03-31 08:03 - 2015-03-31 08:04 - 05761024 _____ () C:\Users\omblg\Downloads\SafetyTargetFall Protection2008.ppt
    2015-03-31 07:57 - 2015-03-31 07:57 - 00000291 _____ () C:\Users\omblg\Downloads\fallprotect.wvx
    2015-03-31 07:54 - 2015-03-31 07:54 - 00000266 _____ () C:\Users\omblg\Downloads\tieoff.wvx
    2015-03-27 09:04 - 2015-03-27 09:04 - 01126489 _____ () C:\Users\omblg\Documents\Map 5 TCC.bak
    2015-03-27 07:46 - 2015-03-27 09:58 - 01181016 _____ () C:\Users\omblg\Documents\Map 5 TCC.dwg
    2015-03-25 00:06 - 2015-03-10 21:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-03-25 00:06 - 2015-03-10 21:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-03-25 00:06 - 2015-03-10 21:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-03-25 00:06 - 2015-03-10 21:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-03-24 11:56 - 2015-03-24 11:56 - 00009489 _____ () C:\Users\omblg\Downloads\Schedule43231-ALLCLUBHOMEExport.xls
    2015-03-20 13:35 - 2015-03-20 13:35 - 00026788 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (4).xls
    2015-03-20 08:17 - 2015-03-20 08:17 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Serif
    2015-03-20 08:09 - 2015-03-20 08:09 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PhotoPlus Starter Edition.lnk
    2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
    2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\Program Files\Serif
    2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
    2015-03-20 08:05 - 2015-03-20 08:05 - 118250544 _____ (Serif (Europe) Ltd., [email protected]) C:\Users\omblg\Downloads\ESDPK-HLX5-PhotoPlusSE_Downloader_Setup-EN-irnsrc3.exe
    2015-03-20 08:05 - 2015-03-20 08:05 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\0S1P1C1L1O
    2015-03-20 07:59 - 2015-03-20 08:16 - 00000000 ____D () C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}
    2015-03-20 07:57 - 2015-03-20 07:58 - 00842296 _____ ( ) C:\Users\omblg\Downloads\HLX5-PhotoPlus-SE-Installer-EN.exe
    2015-03-19 11:22 - 2015-03-19 11:22 - 00026752 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (3).xls
    2015-03-17 15:36 - 2015-03-17 15:36 - 00026066 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (2).xls
    2015-03-17 09:24 - 2015-03-17 09:24 - 00025887 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (1).xls
    2015-03-16 10:43 - 2015-03-16 10:43 - 00025887 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport.xls

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-13 11:00 - 2011-01-25 17:50 - 00797150 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-13 10:57 - 2015-01-21 12:16 - 00000125 ___SH () C:\ProgramData\.zreglib
    2015-04-13 10:57 - 2014-01-07 09:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-13 10:56 - 2011-02-02 07:45 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-04-13 10:56 - 2011-02-01 14:51 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-04-13 10:55 - 2014-11-13 11:30 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-04-13 10:55 - 2014-11-13 11:30 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-04-13 10:55 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-13 10:55 - 2009-07-13 22:39 - 00046730 _____ () C:\Windows\setupact.log
    2015-04-13 10:54 - 2012-09-22 03:18 - 00009572 _____ () C:\Windows\TMFilter.log
    2015-04-13 10:54 - 2009-07-13 22:55 - 02066908 _____ () C:\Windows\WindowsUpdate.log
    2015-04-13 10:54 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-04-13 10:50 - 2014-06-11 09:53 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Adobe
    2015-04-13 10:50 - 2011-02-02 10:05 - 00000000 ____D () C:\ProgramData\Adobe
    2015-04-13 10:48 - 2013-07-30 10:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-04-13 10:48 - 2013-07-30 10:09 - 00000000 ____D () C:\Program Files\Adobe
    2015-04-13 10:22 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-13 10:22 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-13 10:19 - 2014-01-07 09:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-13 04:53 - 2013-01-28 13:10 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-04-10 13:11 - 2011-01-25 19:40 - 00215384 _____ () C:\Windows\PFRO.log
    2015-04-10 12:59 - 2014-11-13 11:31 - 00000000 ____D () C:\Users\omblg\AppData\Local\LogMeInIgnition
    2015-04-10 11:54 - 2014-06-11 09:53 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Real
    2015-04-10 11:54 - 2014-01-07 09:32 - 00000000 ____D () C:\ProgramData\Real
    2015-04-10 09:58 - 2012-08-30 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-10 09:47 - 2013-01-28 13:10 - 00000000 ____D () C:\Program Files\LogMeIn
    2015-04-06 13:46 - 2014-11-11 09:50 - 00000000 ____D () C:\Users\omblg\Documents\Personal
    2015-04-03 10:20 - 2014-01-07 09:37 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-02 15:51 - 2014-12-18 16:58 - 00000931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-04-02 15:51 - 2014-12-18 16:58 - 00000919 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-04-02 15:51 - 2014-12-18 16:58 - 00000000 ____D () C:\Program Files\TeamViewer
    2015-03-30 18:41 - 2012-05-01 08:50 - 00010932 __RSH () C:\Users\omblg\ntuser.pol
    2015-03-30 18:41 - 2012-05-01 08:50 - 00000000 ____D () C:\Users\omblg
    2015-03-28 03:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-03-28 03:24 - 2014-11-11 10:18 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\TeamViewer
    2015-03-27 09:59 - 2014-11-11 09:41 - 00001589 _____ () C:\Users\omblg\Documents\plot.log
    2015-03-25 03:15 - 2014-12-11 04:35 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-03-25 03:15 - 2014-09-02 13:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-03-24 13:01 - 2015-03-02 10:48 - 00000000 ____D () C:\Users\omblg\AppData\Local\WinZip

    ==================== Files in the root of some directories =======

    2015-04-10 07:36 - 2015-04-10 12:44 - 0000020 _____ () C:\Users\omblg\AppData\Roaming\appdataFr3.bin
    2015-01-21 12:16 - 2015-04-13 10:57 - 0000125 ___SH () C:\ProgramData\.zreglib
    2012-04-12 10:09 - 2012-04-12 10:09 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    ZeroAccess:
    C:\Windows\Installer\{36e98b7d-841b-f0c5-0ecb-4d9390dd1f73}

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-2090123917-190833012-3475663718-1672\$36e98b7d841bf0c50ecb4d9390dd1f73

    ZeroAccess:
    C:\Users\omjhm\AppData\Local\{36e98b7d-841b-f0c5-0ecb-4d9390dd1f73}

    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\MSN8CB6.exe
    C:\Users\omblg\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
    C:\Users\omblg\AppData\Local\Temp\Quarantine.exe
    C:\Users\omblg\AppData\Local\Temp\sqlite3.dll
    C:\Users\omblg\AppData\Local\Temp\supoptsetup.exe
    C:\Users\omjhm\AppData\Local\Temp\2jfuweif.exe
    C:\Users\omjhm\AppData\Local\Temp\AcDeltree.exe
    C:\Users\omjhm\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\omjhm\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
    C:\Users\omjhm\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
    C:\Users\omjhm\AppData\Local\Temp\lowproc.exe
    C:\Users\omjhm\AppData\Local\Temp\nss1723.tmp.tbProd.dll
    C:\Users\omjhm\AppData\Local\Temp\SearchWithGoogleUpdate.exe
    C:\Users\omjhm\AppData\Local\Temp\setup.exe
    C:\Users\omjhm\AppData\Local\Temp\stubhelper.dll
    C:\Users\omjke\AppData\Local\Temp\FNP_ACT_InstallerCA.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2015-04-04 00:10

    ==================== End Of Log ============================


    Followed all of your directions. This machine is a work machine. Is that an inappropriate use of the forum or why do you ask?
     
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    BG08,
    You will need to run TDSSKiller on the machine. It has some defects related to a ZeroAccess infection.

    Sorry, but I will not be allowed to help further, by forum policy.
    Note here: http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
    askey127
     
  8. BG08

    BG08 Thread Starter

    Joined:
    Mar 4, 2008
    Messages:
    19
    askey,

    Thanks for your help. I actually read that sticky before posting but totally looked right over the bold type about corporate computers. I appreciate your knowledge and help. My IT department is more of a replace rather than repair. I apologize for violating the rules.
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    Since we can't help any further on this computer I'm closing this thread.
     
Short URL to this thread: https://techguy.org/1146377
