AppSave Ads Adware

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
B

BG08

Thread Starter
Joined
Mar 4, 2008
Messages
19
Not sure how this got on my system but it make use of google chrome impossible. BHO takes over everything. Puts link on all keywords and displays Ads by AppSave. Redirects user to call a tech site because computer is infected, only way to close windows is through task manager. Local IT in my company ran latest updates of Malwarebytes and Super Anti Spyware. Found some objects, quarantined them, but problem still exists. Local IT is no more help, wants to format hard drive. Thanks for your help.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: Intel(R) Core (TM)2 Quad CPU Q9400 @ 2.66GHz, x64 Family 6
Model 23 Stepping 10
Processor Count: 4
RAM: 3709 Mb
Graphics Card: NVIDIA Quadro NVS 420, 256 Mb
Hard Drives: C: Total - 237626 MB, Free - 97833 MB;
Motherboard: Dell Inc., 0F428D
Antivirus: Trend Micro OfficeScan Antivirus, Updated: Yes, On-Demand
Scanner: Enabled
 
askey127

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
Hi BG08,
-------------------------------------------------------------
Run Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
  • Shut down/disable your antivirus now to avoid potential conflicts. Usually you can do this by right clicking the Antivirus icon in the System Tray (lower right corner of screen).
  • Run the tool by double-clicking it. If you are using Vista, Win7, or Win8, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.
-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST and save to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST.exe
Feel free to use separate replies if it's more convenient.

askey127
 
B

BG08

Thread Starter
Joined
Mar 4, 2008
Messages
19
While waiting for a response, I was able to run ADW Cleaner and Avast Browser Cleanup. This seemed to take care of the problem. However, when I saw your response, I ran the two tools that you mentioned. The text files are below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Professional x86
Ran by OMBLG on Mon 04/13/2015 at 7:40:19.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/13/2015 at 7:42:04.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by OMBLG (administrator) on OMJHM-3GC6BP1 on 13-04-2015 07:43:38
Running from C:\Users\omblg\Downloads
Loaded Profiles: OMBLG (Available profiles: OXBBKP & OMJKE & OMBLG & OMTJH & OMJHM & OMDAS & OMSDW & WPMDK & COCRP & WPJEM & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(DameWare Development LLC) C:\Windows\System32\DWRCS.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(DameWare Development) C:\Windows\System32\DWRCST.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Intel Corporation) C:\Program Files\Intel\AMT\lms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [702072 2007-05-07] (Trend Micro Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\system32\DWRCST.exe [78848 2009-02-04] (DameWare Development)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist Corporate\1055\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-01-15] (SlySoft, Inc.)
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4617600 2012-01-20] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\MountPoints2: {235d9465-bdc2-11e4-b72e-bc305bd13ea7} - E:\LaunchU3.exe -a
Startup: C:\Users\omblg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizer.lnk
ShortcutTarget: SuperOptimizer.lnk -> C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}\SuperOptimizer.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
SearchScopes: HKLM -> {E35F80B1-62BC-4064-A7AE-E6F8F8F8C32B} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2090123917-190833012-3475663718-1662 -> {E35F80B1-62BC-4064-A7AE-E6F8F8F8C32B} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-27] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-27] (Sun Microsystems, Inc.)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://boctmc.oxbow.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://boctmc.oxbow.com:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://boctmc.oxbow.com:4343/officescan/console/html/root/AtxEnc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc1.cab
Handler: WSIEChrome - No CLSID Value - []
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 10.253.68.30 10.5.2.39

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll [2012-04-27] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-04-27] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2090123917-190833012-3475663718-1662: @citrixonline.com/appdetectorplugin -> C:\Users\omblg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-13] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\omblg\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-12-10] (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (YouTube) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Google Search) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (Cisco WebEx Extension) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Gmail) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKLM\...\Chrome\Extension: [nedmkhahhppfofnniinaggmabnngddjk] - C:\Program Files\LinkiDoo\nedmkhahhppfofnniinaggmabnngddjk.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 DWMRCS; C:\Windows\SYSTEM32\DWRCS.EXE [234496 2009-02-04] (DameWare Development LLC) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-04-12] (Flexera Software, Inc.)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2014-11-13] (Citrix Online, a division of Citrix Systems, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
S2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [771704 2007-05-07] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [796280 2007-05-07] (Trend Micro Inc.)
S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [205328 2008-05-02] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36368 2008-05-02] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1169240 2008-05-02] (Trend Micro Inc.)
S4 LMIRfsClientNP; No ImagePath
S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 07:43 - 2015-04-13 07:44 - 00018535 _____ () C:\Users\omblg\Downloads\FRST.txt
2015-04-13 07:43 - 2015-04-13 07:43 - 01135616 _____ (Farbar) C:\Users\omblg\Downloads\FRST.exe
2015-04-13 07:43 - 2015-04-13 07:43 - 00000000 ____D () C:\FRST
2015-04-13 07:42 - 2015-04-13 07:42 - 00000820 _____ () C:\Users\omblg\Desktop\JRT.txt
2015-04-13 07:40 - 2015-04-13 07:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OMJHM-3GC6BP1-Windows-7-Professional-(32-bit).dat
2015-04-13 07:40 - 2015-04-13 07:40 - 00000000 ____D () C:\RegBackup
2015-04-13 07:34 - 2015-04-13 07:34 - 02686959 _____ (Thisisu) C:\Users\omblg\Downloads\JRT.exe
2015-04-10 13:57 - 2015-04-10 13:57 - 00509440 _____ (Tech Support Guy System) C:\Users\omblg\Downloads\SysInfo.exe
2015-04-10 13:05 - 2015-04-10 13:05 - 00000000 ____D () C:\ProgramData\New folder
2015-04-10 10:02 - 2015-04-13 06:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-10 10:02 - 2015-04-10 10:02 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-10 10:02 - 2015-04-10 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-10 10:02 - 2015-04-10 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-10 10:02 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-10 10:02 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-10 09:59 - 2015-04-10 10:02 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Malwarebytes
2015-04-10 09:59 - 2015-04-10 09:59 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\SUPERAntiSpyware.com
2015-04-10 09:58 - 2015-04-10 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-04-10 09:58 - 2015-04-10 09:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-10 09:58 - 2015-04-10 09:58 - 00001963 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-10 09:58 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 07:36 - 2015-04-10 12:44 - 00000020 _____ () C:\Users\omblg\AppData\Roaming\appdataFr3.bin
2015-04-09 03:38 - 2015-04-09 03:38 - 00000000 ____D () C:\Program Files\TransferBigFilescom Gmail Extension
2015-04-04 03:00 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 08:03 - 2015-03-31 08:04 - 05761024 _____ () C:\Users\omblg\Downloads\SafetyTargetFall Protection2008.ppt
2015-03-31 07:57 - 2015-03-31 07:57 - 00000291 _____ () C:\Users\omblg\Downloads\fallprotect.wvx
2015-03-31 07:54 - 2015-03-31 07:54 - 00000266 _____ () C:\Users\omblg\Downloads\tieoff.wvx
2015-03-27 09:04 - 2015-03-27 09:04 - 01126489 _____ () C:\Users\omblg\Documents\Map 5 TCC.bak
2015-03-27 07:46 - 2015-03-27 09:58 - 01181016 _____ () C:\Users\omblg\Documents\Map 5 TCC.dwg
2015-03-25 00:06 - 2015-03-10 21:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 00:06 - 2015-03-10 21:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 00:06 - 2015-03-10 21:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 11:56 - 2015-03-24 11:56 - 00009489 _____ () C:\Users\omblg\Downloads\Schedule43231-ALLCLUBHOMEExport.xls
2015-03-20 13:35 - 2015-03-20 13:35 - 00026788 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (4).xls
2015-03-20 08:17 - 2015-03-20 08:17 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Serif
2015-03-20 08:09 - 2015-03-20 08:09 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PhotoPlus Starter Edition.lnk
2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\Program Files\Serif
2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2015-03-20 08:05 - 2015-03-20 08:05 - 118250544 _____ (Serif (Europe) Ltd., [email protected]) C:\Users\omblg\Downloads\ESDPK-HLX5-PhotoPlusSE_Downloader_Setup-EN-irnsrc3.exe
2015-03-20 08:05 - 2015-03-20 08:05 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\0S1P1C1L1O
2015-03-20 07:59 - 2015-03-20 08:16 - 00000000 ____D () C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}
2015-03-20 07:57 - 2015-03-20 07:58 - 00842296 _____ ( ) C:\Users\omblg\Downloads\HLX5-PhotoPlus-SE-Installer-EN.exe
2015-03-19 11:22 - 2015-03-19 11:22 - 00026752 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (3).xls
2015-03-17 15:36 - 2015-03-17 15:36 - 00026066 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (2).xls
2015-03-17 09:24 - 2015-03-17 09:24 - 00025887 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (1).xls
2015-03-16 10:43 - 2015-03-16 10:43 - 00025887 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 07:19 - 2014-01-07 09:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 07:17 - 2009-07-13 22:55 - 02045268 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 05:56 - 2011-02-01 14:51 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-13 04:53 - 2013-01-28 13:10 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-04-13 00:19 - 2014-01-07 09:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 11:01 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 11:01 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 14:40 - 2011-01-25 17:50 - 00797150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 14:37 - 2015-01-21 12:16 - 00000125 ___SH () C:\ProgramData\.zreglib
2015-04-10 14:36 - 2014-11-13 11:30 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-04-10 14:36 - 2014-11-13 11:30 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-04-10 14:35 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 14:35 - 2009-07-13 22:39 - 00046618 _____ () C:\Windows\setupact.log
2015-04-10 14:34 - 2012-09-22 03:18 - 00009506 _____ () C:\Windows\TMFilter.log
2015-04-10 13:11 - 2011-01-25 19:40 - 00215384 _____ () C:\Windows\PFRO.log
2015-04-10 12:59 - 2014-11-13 11:31 - 00000000 ____D () C:\Users\omblg\AppData\Local\LogMeInIgnition
2015-04-10 11:54 - 2014-06-11 09:53 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Real
2015-04-10 11:54 - 2014-01-07 09:32 - 00000000 ____D () C:\ProgramData\Real
2015-04-10 09:58 - 2012-08-30 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 09:47 - 2013-01-28 13:10 - 00000000 ____D () C:\Program Files\LogMeIn
2015-04-06 13:46 - 2014-11-11 09:50 - 00000000 ____D () C:\Users\omblg\Documents\Personal
2015-04-03 10:20 - 2014-01-07 09:37 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 15:51 - 2014-12-18 16:58 - 00000931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-02 15:51 - 2014-12-18 16:58 - 00000919 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-02 15:51 - 2014-12-18 16:58 - 00000000 ____D () C:\Program Files\TeamViewer
2015-03-30 18:41 - 2012-05-01 08:50 - 00010932 __RSH () C:\Users\omblg\ntuser.pol
2015-03-30 18:41 - 2012-05-01 08:50 - 00000000 ____D () C:\Users\omblg
2015-03-28 03:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-28 03:24 - 2014-11-11 10:18 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\TeamViewer
2015-03-27 09:59 - 2014-11-11 09:41 - 00001589 _____ () C:\Users\omblg\Documents\plot.log
2015-03-25 03:15 - 2014-12-11 04:35 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:15 - 2014-09-02 13:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 13:01 - 2015-03-02 10:48 - 00000000 ____D () C:\Users\omblg\AppData\Local\WinZip

==================== Files in the root of some directories =======

2015-04-10 07:36 - 2015-04-10 12:44 - 0000020 _____ () C:\Users\omblg\AppData\Roaming\appdataFr3.bin
2015-01-21 12:16 - 2015-04-10 14:37 - 0000125 ___SH () C:\ProgramData\.zreglib
2012-04-12 10:09 - 2012-04-12 10:09 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

ZeroAccess:
C:\Windows\Installer\{36e98b7d-841b-f0c5-0ecb-4d9390dd1f73}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2090123917-190833012-3475663718-1672\$36e98b7d841bf0c50ecb4d9390dd1f73

ZeroAccess:
C:\Users\omjhm\AppData\Local\{36e98b7d-841b-f0c5-0ecb-4d9390dd1f73}

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\MSN8CB6.exe
C:\Users\omblg\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\omblg\AppData\Local\Temp\Quarantine.exe
C:\Users\omblg\AppData\Local\Temp\sqlite3.dll
C:\Users\omblg\AppData\Local\Temp\supoptsetup.exe
C:\Users\omjhm\AppData\Local\Temp\2jfuweif.exe
C:\Users\omjhm\AppData\Local\Temp\AcDeltree.exe
C:\Users\omjhm\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\omjhm\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\omjhm\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\omjhm\AppData\Local\Temp\lowproc.exe
C:\Users\omjhm\AppData\Local\Temp\nss1723.tmp.tbProd.dll
C:\Users\omjhm\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\omjhm\AppData\Local\Temp\setup.exe
C:\Users\omjhm\AppData\Local\Temp\stubhelper.dll
C:\Users\omjke\AppData\Local\Temp\FNP_ACT_InstallerCA.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2015-04-04 00:10

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2015
Ran by OMBLG at 2015-04-13 07:44:19
Running from C:\Users\omblg\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.1 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.7.0 - SlySoft)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
BioAPI Framework (HKLM\...\{AF7E4468-E364-4991-BC2A-6E8293E1055B}) (Version: 1.0.1 - Dell Inc.)
Brother's Keeper 6.6 (HKLM\...\Brother's Keeper 6.6) (Version: - )
Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 11.1.0.1055 - Citrix Online, a division of Citrix Systems, Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Java(TM) 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
LogMeIn (HKLM\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
MacX DVD Ripper Pro For Windows 7.6.4 (HKLM\...\MacX DVD Ripper Pro For Windows_is1) (Version: - Digiarty Software, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.00 - NVIDIA Corporation)
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
PhotoPlus Starter Edition Packages (HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\PhotoPlus Starter Edition Packages) (Version: - ) <==== ATTENTION
PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Serif PhotoPlus Starter Edition 3 (HKLM\...\{5DF61899-B4D4-4CD5-9F3D-78ADBBF7DC2A}) (Version: 3.0.0.008 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: - )
UPEK TouchChip Fingerprint Reader (HKLM\...\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}) (Version: 1.2.0 - Dell Inc.)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinX DVD Ripper 5.6.0 (HKLM\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2090123917-190833012-3475663718-1662_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2090123917-190833012-3475663718-1662_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2090123917-190833012-3475663718-1662_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

20-03-2015 08:07:44 Installed Serif PhotoPlus Starter Edition 3
24-03-2015 02:49:33 Windows Update
25-03-2015 03:00:12 Windows Update
28-03-2015 03:00:15 Windows Update
03-04-2015 02:21:23 Windows Update
04-04-2015 03:00:14 Windows Update
10-04-2015 02:21:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {008054AE-2332-44E0-BE3D-744397CC4B5D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2090123917-190833012-3475663718-1672 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1CEE4AD7-8D30-4CBD-8369-9B3935C3D895} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {43265A3B-0499-4C9D-8E7C-1FD181FF329E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2090123917-190833012-3475663718-1672 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5E120666-5FC4-4301-8DCF-20DCD0C8CD83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {941965E3-99E4-4802-8484-9F8491FEB683} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {A51F6398-EA19-40C8-9395-B7E2FDE9E4D6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EF6DD827-A1D8-4ED2-9CCE-C8C2D0934E20} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F753EA49-C9D6-4067-8DE0-DE6838BD44EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {FBE29A8D-9157-4F2B-B5F1-B0CFA497D7E8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-04-03 10:20 - 2015-03-30 15:07 - 01174856 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 10:20 - 2015-03-30 15:07 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 10:20 - 2015-03-30 15:07 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\ahbnlgvg.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\alscwwjs.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\avoxiuxj.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\avvqdonk.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\blqjrscj.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\bnmenzpg.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ccwetpxz.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\dnerbkmo.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\dxibwdgd.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\evlxjdri.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\gfbgcafy.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ggzzfdsn.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\gmdtuoma.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\gnwomxjv.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\gwwubkmd.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\hmahlzmv.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ibgasucc.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ikynyidu.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\iselpbvz.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\iwudvajj.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\jghacamt.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\jhnekwke.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\jhphdzpd.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\jkcmglai.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\kyyqjank.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\lcaczqhl.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\lusiyczm.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\mdntzmig.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\momznddd.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ngojzaur.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\niajyyjh.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\nvqtzzir.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\osbqvzpv.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\phpvrlpv.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\piqahlxj.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\pjaebock.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\pkhfbcse.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\pnyxknhr.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\qizvxbue.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\qjrwcusk.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\qnbvwjxh.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\qvtmlsgj.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\revtgjhv.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\rhvbkcwn.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\rszqyoee.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\rwhlhlfg.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\sthwhxox.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\tritubnu.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ttsxiznr.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\urlvnbxz.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\urxncmjn.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\vgjhcrdu.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\vsnenzwp.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\vugfarqv.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\vuuicamr.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\wfhncouo.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\wjryhzhd.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\wqgfpuzu.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\xkrjamou.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\xoatwmzi.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\xzjvaiwv.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\ysuxhghn.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\zeeweeth.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\zmaumofr.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\zsisnyoc.sys:changelist

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Control Panel\Desktop\\Wallpaper -> C:\Users\omblg\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.253.68.30 - 10.5.2.39

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DameWare MRC Agent => C:\Windows\system32\DWRCST.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: picon => "C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe" -startup
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-319076873-3345597711-2242175296-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-319076873-3345597711-2242175296-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 39%
Total physical RAM: 3709.59 MB
Available physical RAM: 2247.82 MB
Total Pagefile: 7417.48 MB
Available Pagefile: 5798.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.57 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.06 GB) (Free:94.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
askey127

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
BG08,
------------------------------------------------
Remove A Program Using Control Panel
From Start, Control Panel, click on Programs and Features
Click this Entry, if it exists, choose Uninstall, and give permission to Continue:

Java(TM) 6 Update 32
Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
You may want to read here before you decide whether to keep Java on your system:
http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

If You Decide to Keep it, Download and Install the latest version of Java Runtime Environment from here :
http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html, and install it to your computer.
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform jre-8u40-windows-i586.exe for 32-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
(I don't have any Java on my system).
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files
There are security vulnerabilities in earlier versions of both Reader and Acrobat Pro. All versions numbered lower than 11.0.10 are vulnerable.
Go HERE to download the Installer AdbeRdr11008_en_US.exe .
Save the file to your desktop and run it to install the latest version of Adobe Reader.
Always be careful to UNCHECK any offer for toolbars, helpers or other "partner" Free programs
After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category
Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.
-----------------------------------------------------------
Run a New Scan With the Farbar Scan Tool
  • Double click FRST.exe on your desktop to launch it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
  • Please post the contents in your next reply.
This machine kinda looks like a work machine. Any comments about that?
askey127
 
B

BG08

Thread Starter
Joined
Mar 4, 2008
Messages
19
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-04-2015
Ran by OMBLG at 2015-04-13 10:54:04 Run:1
Running from C:\Users\omblg\Desktop
Loaded Profiles: OMBLG (Available profiles: OXBBKP & OMJKE & OMBLG & OMTJH & OMJHM & OMDAS & OMSDW & WPMDK & COCRP & WPJEM & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Program Files\Common Files\Wondershare

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DelaypluginInstall => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2090123917-190833012-3475663718-1662\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"C:\Program Files\Common Files\Wondershare" directory move:

Could not move "C:\Program Files\Common Files\Wondershare" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-13 10:57:27)<=

C:\Program Files\Common Files\Wondershare => Is moved successfully.

==== End of Fixlog 10:57:27 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by OMBLG (administrator) on OMJHM-3GC6BP1 on 13-04-2015 11:00:19
Running from C:\Users\omblg\Desktop
Loaded Profiles: OMBLG (Available profiles: OXBBKP & OMJKE & OMBLG & OMTJH & OMJHM & OMDAS & OMSDW & WPMDK & COCRP & WPJEM & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(DameWare Development LLC) C:\Windows\System32\DWRCS.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Windows\Temp\PT4E7.EXE
(DameWare Development) C:\Windows\System32\DWRCST.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Super PC Tools Ltd) C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}\SuperOptimizer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\AMT\lms.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Farbar) C:\Users\omblg\Desktop\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [702072 2007-05-07] (Trend Micro Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\system32\DWRCST.exe [78848 2009-02-04] (DameWare Development)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist Corporate\1055\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-01-15] (SlySoft, Inc.)
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4617600 2012-01-20] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\...\MountPoints2: {235d9465-bdc2-11e4-b72e-bc305bd13ea7} - E:\LaunchU3.exe -a
Startup: C:\Users\omblg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizer.lnk
ShortcutTarget: SuperOptimizer.lnk -> C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}\SuperOptimizer.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
HKU\S-1-5-21-2090123917-190833012-3475663718-1662\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
SearchScopes: HKLM -> {E35F80B1-62BC-4064-A7AE-E6F8F8F8C32B} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2090123917-190833012-3475663718-1662 -> {E35F80B1-62BC-4064-A7AE-E6F8F8F8C32B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://boctmc.oxbow.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://boctmc.oxbow.com:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://boctmc.oxbow.com:4343/officescan/console/html/root/AtxEnc.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc1.cab
Handler: WSIEChrome - No CLSID Value - []
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 10.253.68.30 10.5.2.39

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll [2012-04-27] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2090123917-190833012-3475663718-1662: @citrixonline.com/appdetectorplugin -> C:\Users\omblg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-13] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\omblg\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-12-10] (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (YouTube) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Google Search) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (Cisco WebEx Extension) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Gmail) - C:\Users\omblg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKLM\...\Chrome\Extension: [nedmkhahhppfofnniinaggmabnngddjk] - C:\Program Files\LinkiDoo\nedmkhahhppfofnniinaggmabnngddjk.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 DWMRCS; C:\Windows\SYSTEM32\DWRCS.EXE [234496 2009-02-04] (DameWare Development LLC) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-04-12] (Flexera Software, Inc.)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2014-11-13] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [771704 2007-05-07] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [796280 2007-05-07] (Trend Micro Inc.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [205328 2008-05-02] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36368 2008-05-02] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1169240 2008-05-02] (Trend Micro Inc.)
S4 LMIRfsClientNP; No ImagePath
S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 10:48 - 2015-04-13 10:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-13 10:48 - 2015-04-13 10:48 - 00001991 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-13 10:21 - 2015-04-13 10:21 - 01135616 _____ (Farbar) C:\Users\omblg\Desktop\FRST (1).exe
2015-04-13 08:32 - 2015-04-13 08:32 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-13 08:28 - 2015-04-13 08:28 - 00907848 _____ () C:\Users\omblg\Downloads\players.xls
2015-04-13 07:45 - 2015-04-13 11:00 - 00018944 _____ () C:\Users\omblg\Desktop\FRST.txt
2015-04-13 07:45 - 2015-04-13 07:45 - 00022152 _____ () C:\Users\omblg\Desktop\Addition.txt
2015-04-13 07:44 - 2015-04-13 07:44 - 00022152 _____ () C:\Users\omblg\Downloads\Addition.txt
2015-04-13 07:43 - 2015-04-13 11:00 - 00000000 ____D () C:\FRST
2015-04-13 07:43 - 2015-04-13 07:44 - 00030322 _____ () C:\Users\omblg\Downloads\FRST.txt
2015-04-13 07:43 - 2015-04-13 07:43 - 01135616 _____ (Farbar) C:\Users\omblg\Downloads\FRST.exe
2015-04-13 07:42 - 2015-04-13 07:42 - 00000820 _____ () C:\Users\omblg\Desktop\JRT.txt
2015-04-13 07:40 - 2015-04-13 07:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OMJHM-3GC6BP1-Windows-7-Professional-(32-bit).dat
2015-04-13 07:40 - 2015-04-13 07:40 - 00000000 ____D () C:\RegBackup
2015-04-13 07:34 - 2015-04-13 07:34 - 02686959 _____ (Thisisu) C:\Users\omblg\Downloads\JRT.exe
2015-04-10 13:57 - 2015-04-10 13:57 - 00509440 _____ (Tech Support Guy System) C:\Users\omblg\Downloads\SysInfo.exe
2015-04-10 13:05 - 2015-04-10 13:05 - 00000000 ____D () C:\ProgramData\New folder
2015-04-10 10:02 - 2015-04-13 10:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-10 10:02 - 2015-04-10 10:02 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-10 10:02 - 2015-04-10 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-10 10:02 - 2015-04-10 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-10 10:02 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-10 10:02 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-10 09:59 - 2015-04-10 10:02 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Malwarebytes
2015-04-10 09:59 - 2015-04-10 09:59 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\SUPERAntiSpyware.com
2015-04-10 09:58 - 2015-04-10 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-04-10 09:58 - 2015-04-10 09:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-10 09:58 - 2015-04-10 09:58 - 00001963 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-10 09:58 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 07:36 - 2015-04-10 12:44 - 00000020 _____ () C:\Users\omblg\AppData\Roaming\appdataFr3.bin
2015-04-09 03:38 - 2015-04-09 03:38 - 00000000 ____D () C:\Program Files\TransferBigFilescom Gmail Extension
2015-04-04 03:00 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 08:03 - 2015-03-31 08:04 - 05761024 _____ () C:\Users\omblg\Downloads\SafetyTargetFall Protection2008.ppt
2015-03-31 07:57 - 2015-03-31 07:57 - 00000291 _____ () C:\Users\omblg\Downloads\fallprotect.wvx
2015-03-31 07:54 - 2015-03-31 07:54 - 00000266 _____ () C:\Users\omblg\Downloads\tieoff.wvx
2015-03-27 09:04 - 2015-03-27 09:04 - 01126489 _____ () C:\Users\omblg\Documents\Map 5 TCC.bak
2015-03-27 07:46 - 2015-03-27 09:58 - 01181016 _____ () C:\Users\omblg\Documents\Map 5 TCC.dwg
2015-03-25 00:06 - 2015-03-10 21:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 00:06 - 2015-03-10 21:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 00:06 - 2015-03-10 21:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 00:06 - 2015-03-10 21:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 11:56 - 2015-03-24 11:56 - 00009489 _____ () C:\Users\omblg\Downloads\Schedule43231-ALLCLUBHOMEExport.xls
2015-03-20 13:35 - 2015-03-20 13:35 - 00026788 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (4).xls
2015-03-20 08:17 - 2015-03-20 08:17 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Serif
2015-03-20 08:09 - 2015-03-20 08:09 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PhotoPlus Starter Edition.lnk
2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\Program Files\Serif
2015-03-20 08:09 - 2015-03-20 08:09 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2015-03-20 08:05 - 2015-03-20 08:05 - 118250544 _____ (Serif (Europe) Ltd., [email protected]) C:\Users\omblg\Downloads\ESDPK-HLX5-PhotoPlusSE_Downloader_Setup-EN-irnsrc3.exe
2015-03-20 08:05 - 2015-03-20 08:05 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\0S1P1C1L1O
2015-03-20 07:59 - 2015-03-20 08:16 - 00000000 ____D () C:\ProgramData\{3bd42a53-4d84-2f8f-3bd4-42a534d8a94d}
2015-03-20 07:57 - 2015-03-20 07:58 - 00842296 _____ ( ) C:\Users\omblg\Downloads\HLX5-PhotoPlus-SE-Installer-EN.exe
2015-03-19 11:22 - 2015-03-19 11:22 - 00026752 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (3).xls
2015-03-17 15:36 - 2015-03-17 15:36 - 00026066 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (2).xls
2015-03-17 09:24 - 2015-03-17 09:24 - 00025887 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport (1).xls
2015-03-16 10:43 - 2015-03-16 10:43 - 00025887 _____ () C:\Users\omblg\Downloads\Schedule43232-ALLCLUBHOMEExport.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 11:00 - 2011-01-25 17:50 - 00797150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 10:57 - 2015-01-21 12:16 - 00000125 ___SH () C:\ProgramData\.zreglib
2015-04-13 10:57 - 2014-01-07 09:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 10:56 - 2011-02-02 07:45 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-04-13 10:56 - 2011-02-01 14:51 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-13 10:55 - 2014-11-13 11:30 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-04-13 10:55 - 2014-11-13 11:30 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-04-13 10:55 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 10:55 - 2009-07-13 22:39 - 00046730 _____ () C:\Windows\setupact.log
2015-04-13 10:54 - 2012-09-22 03:18 - 00009572 _____ () C:\Windows\TMFilter.log
2015-04-13 10:54 - 2009-07-13 22:55 - 02066908 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 10:54 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-13 10:50 - 2014-06-11 09:53 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Adobe
2015-04-13 10:50 - 2011-02-02 10:05 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-13 10:48 - 2013-07-30 10:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-13 10:48 - 2013-07-30 10:09 - 00000000 ____D () C:\Program Files\Adobe
2015-04-13 10:22 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 10:22 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 10:19 - 2014-01-07 09:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 04:53 - 2013-01-28 13:10 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-04-10 13:11 - 2011-01-25 19:40 - 00215384 _____ () C:\Windows\PFRO.log
2015-04-10 12:59 - 2014-11-13 11:31 - 00000000 ____D () C:\Users\omblg\AppData\Local\LogMeInIgnition
2015-04-10 11:54 - 2014-06-11 09:53 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\Real
2015-04-10 11:54 - 2014-01-07 09:32 - 00000000 ____D () C:\ProgramData\Real
2015-04-10 09:58 - 2012-08-30 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 09:47 - 2013-01-28 13:10 - 00000000 ____D () C:\Program Files\LogMeIn
2015-04-06 13:46 - 2014-11-11 09:50 - 00000000 ____D () C:\Users\omblg\Documents\Personal
2015-04-03 10:20 - 2014-01-07 09:37 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 15:51 - 2014-12-18 16:58 - 00000931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-02 15:51 - 2014-12-18 16:58 - 00000919 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-02 15:51 - 2014-12-18 16:58 - 00000000 ____D () C:\Program Files\TeamViewer
2015-03-30 18:41 - 2012-05-01 08:50 - 00010932 __RSH () C:\Users\omblg\ntuser.pol
2015-03-30 18:41 - 2012-05-01 08:50 - 00000000 ____D () C:\Users\omblg
2015-03-28 03:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-28 03:24 - 2014-11-11 10:18 - 00000000 ____D () C:\Users\omblg\AppData\Roaming\TeamViewer
2015-03-27 09:59 - 2014-11-11 09:41 - 00001589 _____ () C:\Users\omblg\Documents\plot.log
2015-03-25 03:15 - 2014-12-11 04:35 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:15 - 2014-09-02 13:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 13:01 - 2015-03-02 10:48 - 00000000 ____D () C:\Users\omblg\AppData\Local\WinZip

==================== Files in the root of some directories =======

2015-04-10 07:36 - 2015-04-10 12:44 - 0000020 _____ () C:\Users\omblg\AppData\Roaming\appdataFr3.bin
2015-01-21 12:16 - 2015-04-13 10:57 - 0000125 ___SH () C:\ProgramData\.zreglib
2012-04-12 10:09 - 2012-04-12 10:09 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

ZeroAccess:
C:\Windows\Installer\{36e98b7d-841b-f0c5-0ecb-4d9390dd1f73}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2090123917-190833012-3475663718-1672\$36e98b7d841bf0c50ecb4d9390dd1f73

ZeroAccess:
C:\Users\omjhm\AppData\Local\{36e98b7d-841b-f0c5-0ecb-4d9390dd1f73}

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\MSN8CB6.exe
C:\Users\omblg\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\omblg\AppData\Local\Temp\Quarantine.exe
C:\Users\omblg\AppData\Local\Temp\sqlite3.dll
C:\Users\omblg\AppData\Local\Temp\supoptsetup.exe
C:\Users\omjhm\AppData\Local\Temp\2jfuweif.exe
C:\Users\omjhm\AppData\Local\Temp\AcDeltree.exe
C:\Users\omjhm\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\omjhm\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\omjhm\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\omjhm\AppData\Local\Temp\lowproc.exe
C:\Users\omjhm\AppData\Local\Temp\nss1723.tmp.tbProd.dll
C:\Users\omjhm\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\omjhm\AppData\Local\Temp\setup.exe
C:\Users\omjhm\AppData\Local\Temp\stubhelper.dll
C:\Users\omjke\AppData\Local\Temp\FNP_ACT_InstallerCA.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2015-04-04 00:10

==================== End Of Log ============================


Followed all of your directions. This machine is a work machine. Is that an inappropriate use of the forum or why do you ask?
 
askey127

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
BG08,
You will need to run TDSSKiller on the machine. It has some defects related to a ZeroAccess infection.

Sorry, but I will not be allowed to help further, by forum policy.
Note here: http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS
Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the cleanup process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by your own IT Departments in order to avoid any undesirable results.
Click to expand...
askey127
 
B

BG08

Thread Starter
Joined
Mar 4, 2008
Messages
19
askey,

Thanks for your help. I actually read that sticky before posting but totally looked right over the bold type about corporate computers. I appreciate your knowledge and help. My IT department is more of a replace rather than repair. I apologize for violating the rules.
 
Cookiegal

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,033
Since we can't help any further on this computer I'm closing this thread.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Total: 499 (members: 5, guests: 494)
Top