chrome jumping to wpkg.org

Discussion in 'Virus & Other Malware Removal' started by OregonFan, Apr 28, 2015.

  1. OregonFan

    OregonFan Thread Starter

    Joined:
    Mar 9, 2015
    Messages:
    18
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 8
    RAM: 8075 Mb
    Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
    Hard Drives: C: Total - 704622 MB, Free - 573748 MB;
    Motherboard: Intel, PLCSF8
    Antivirus: Windows Defender, Disabled

    Recently when I use Chrome if I type in a website it will take me there and then in about one second it will jump me to wpkg.org. Before this problem I had never even heard of wpkg.org. I ran Malwarebytes and quarantined 3 files. Two of them were called PUP.Optional.GlobalUpdate.A and the other one was PUP.optional.BetterMarkIT.A. After I quarantined them the problem still persisted. I also tried to run system restore, but when I did I got this: "System Restore failed while scanning the file system on the drive C:\ The drive might be corrupt. You might want to retry System Restore after running chkdsk /R on this disk. An unspecified error occurred while doing System Restore. (0x81000204)"

    At this point I thought I'd go to the experts. Help would be appreciated. Also, I'm currently on Firefox and it isn't giving me a problem.

    thanks
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello OregonFan and welcome.

    Continue as follows please:

    Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

    Next,

    Follow the instructions in the following link to show hidden files:

    http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

    Next,

    Please open Malwarebytes Anti-Malware.

    • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
    • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
    • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • With some infections, you may see this message box.

      'Could not load DDA driver'
    • Click 'Yes' to this message, to allow the driver to load after a restart.
    • Allow the computer to restart. Continue with the rest of these instructions.
    • When the scan is complete, click Apply Actions.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    If Malwarebytes is not installed follow these instructions first:

    Download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish. Follow the instructions above....

    Next,

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    Let me see those logs in your reply....

    Thank you,

    Kevin...
     
  5. OregonFan

    OregonFan Thread Starter

    Joined:
    Mar 9, 2015
    Messages:
    18
    Thanks and here we go.

    Note I also attached them.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/3/2015
    Scan Time: 5:18:38 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.05.03.02
    Rootkit Database: v2015.04.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: David

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 357293
    Time Elapsed: 35 min, 58 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
    Ran by David (administrator) on GODUCKS on 03-05-2015 18:01:14
    Running from C:\Users\David\Desktop
    Loaded Profiles: David (Available profiles: David)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    (中国电信) C:\Program Files (x86)\SepanderSoft\XBSafeBase.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\Program Files (x86)\iNode\iNode Client\AuthenMngService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
    () C:\Program Files (x86)\iNode\iNode Client\iNodeMon.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (SparkLabs) C:\Program Files\WiTopia\WiTopia.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
    (SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe
    () C:\Program Files (x86)\SepanderSoft\XbTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (SparkLabs) C:\Program Files\WiTopia\Resources\vpnc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-28] (SRS Labs, Inc.)
    HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
    HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisD9BE.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
    HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\Reg.exe [2085376 2012-07-10] (TODO: <公司名稱>)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\Run: [WiTopia] => C:\Program Files\WiTopia\WiTopia.exe [814368 2014-06-06] (SparkLabs)
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\Run: [EPSON16A05F (Epson Stylus SX440)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [232448 2011-01-21] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\RunOnce: [Adobe Speed Launcher] => 1430449982
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\MountPoints2: {1f48534d-9eb4-11e3-bf3e-24ec99fa0948} - "D:\AutoRun.exe"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\MountPoints2: {fa2a58cf-8af3-11e3-bf2f-24ec99fa0948} - "D:\AutoRun.exe"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\MountPoints2: {fa2a5904-8af3-11e3-bf2f-24ec99fa0948} - "D:\AutoRun.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-03-29]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDriveSync.lnk [2014-02-21]
    ShortcutTarget: IDriveSync.lnk -> C:\Users\David\AppData\Roaming\IDriveSync\IDriveSyncTray.exe (No File)
    Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-04-15]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0001IDriveSyncExt4] -> {A30768B3-9C38-4810-AAC3-422B73A0B25C} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers: [001IDriveSyncExt2] -> {AE0642D6-F6D4-4443-9654-FE7252EDBC0C} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers: [001IDriveSyncExt3] -> {B5C11BA5-C82C-4D1F-A0B0-3E161B3F9E47} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers: [001IDriveSyncExt4] -> {906E4756-73EC-4A58-A3B1-461B759D8F7B} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers: [001IDriveSyncExt5] -> {5DF1669E-DBBC-4C36-918E-8E470774D7AF} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers-x32: [0001IDriveSyncExt4] -> {A30768B3-9C38-4810-AAC3-422B73A0B25C} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers-x32: [001IDriveSyncExt2] -> {AE0642D6-F6D4-4443-9654-FE7252EDBC0C} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers-x32: [001IDriveSyncExt3] -> {B5C11BA5-C82C-4D1F-A0B0-3E161B3F9E47} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers-x32: [001IDriveSyncExt4] -> {906E4756-73EC-4A58-A3B1-461B759D8F7B} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers-x32: [001IDriveSyncExt5] -> {5DF1669E-DBBC-4C36-918E-8E470774D7AF} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll [2014-01-16] (Pro-Softnet Corporation, U.S.A)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U162
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba13.msn.com/?pc=TNJB
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-1250180184-3280715487-3860909446-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1250180184-3280715487-3860909446-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1250180184-3280715487-3860909446-1001 -> {678C3E9C-29A0-4BF0-97E2-7DD263F6BE2D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1250180184-3280715487-3860909446-1001 -> {F1913A6E-F02D-4BB8-8CC4-13C500CD745E} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
    DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2015-03-13] (Microsoft Corporation)
    Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2015-03-13] (Microsoft Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Tcpip\Parameters: [DhcpNameServer] 218.30.19.50 61.134.1.5
    Tcpip\..\Interfaces\{03D70B84-6C68-4B68-AAE4-9F03A7639053}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{33CC0528-5E5B-4736-BFF1-E7604F1BC552}: [NameServer] 10.118.0.1
    Tcpip\..\Interfaces\{F6D524C2-1EBC-4883-A453-D20E204B183F}: [NameServer] 10.118.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\uysx1q7t.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\WINDOWS\system32\npSecEditCtl.BOC.x86.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-14] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1250180184-3280715487-3860909446-1001: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\David\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2013-12-03] ( )
    FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\uysx1q7t.default\user.js [2013-11-11]
    FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\uysx1q7t.default\searchplugins\zonealarm.xml [2013-11-06]
    FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://global.bing.com/?FORM=HPCNEN&setmkt=en-us&setlang=en-us
    CHR StartupUrls: Default -> "hxxp://global.bing.com/?FORM=HPCNEN&setmkt=en-us&setlang=en-us"
    CHR DefaultSearchKeyword: Default -> bing.com_
    CHR DefaultSearchURL: Default -> https://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
    CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab
    CHR DefaultSuggestURL: Default -> https://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
    CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-25]
    CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-25]
    CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-25]
    CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-25]
    CHR Extension: (BetaFish Adblocker) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-30]
    CHR Extension: (Bookmark Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-10-30]
    CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
    CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-25]
    CHR HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [imooohanopeeieejjcgioibkoejmdokj] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
    R2 INODE_SVR_MNG_SERVICE; C:\Program Files (x86)\iNode\iNode Client\AuthenMngService.exe [656800 2012-01-11] ()
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-04] (AVG Secure Search)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1728592 2015-02-03] (Microsoft Corporation)
    R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [70432 2014-06-06] (SparkLabs)
    R2 XBSafeSvc; C:\Program Files (x86)\SepanderSoft\XBSafeBase.exe [234832 2012-06-01] (中国电信)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
    R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] ()
    R2 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [45624 2012-01-06] (Printing Communications Assoc., Inc. (PCAUSA))
    R2 PCASp50; C:\Windows\SysWOW64\Drivers\PCASp50.sys [35256 2012-01-06] (Printing Communications Assoc., Inc. (PCAUSA))
    R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
    R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-12] (Realtek Microelectronics)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-21] (Realtek Semiconductor Corporation )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-11-01] (Windows (R) Win 7 DDK provider)
    R3 visctap0901; C:\Windows\system32\DRIVERS\visctap0901.sys [39048 2014-01-30] (The OpenVPN Project)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
    S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
    S1 xkmodurl; \??\C:\Program Files (x86)\SepanderSoft\xkmodurl64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-03 18:01 - 2015-05-03 18:01 - 00025860 _____ () C:\Users\David\Desktop\FRST.txt
    2015-05-03 18:00 - 2015-05-03 18:01 - 00000000 ____D () C:\FRST
    2015-05-03 17:59 - 2015-05-03 18:00 - 02101248 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
    2015-04-28 13:56 - 2015-04-28 13:56 - 00000952 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2015-04-28 13:00 - 2015-04-28 13:00 - 00509440 _____ (Tech Support Guy System) C:\Users\David\Desktop\SysInfo.exe
    2015-04-27 08:44 - 2015-05-01 09:34 - 00000000 ____D () C:\Users\David\Desktop\April MRs
    2015-04-27 07:40 - 2015-04-27 07:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-04-22 09:10 - 2015-04-22 09:11 - 11417232 _____ (Bank Of China) C:\Users\David\Desktop\BOC_TotalPackage (1).exe
    2015-04-22 08:59 - 2015-04-22 08:59 - 01223392 _____ (CFCA) C:\Users\David\Desktop\SecEdit.BOC (2).exe
    2015-04-21 14:00 - 2015-04-27 12:32 - 00000000 ____D () C:\Users\David\Desktop\draft statements, codes
    2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
    2015-04-15 11:30 - 2015-04-23 17:01 - 00000000 ____D () C:\Users\David\Desktop\Oral Lesson Plans
    2015-04-15 07:57 - 2015-03-13 12:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-04-15 07:57 - 2015-03-13 12:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-04-15 07:57 - 2015-03-13 12:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-04-15 07:57 - 2015-03-13 11:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-04-15 07:57 - 2015-03-13 11:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-04-15 07:57 - 2015-03-13 11:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-04-15 07:57 - 2015-03-13 11:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-04-15 07:57 - 2015-03-13 11:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-04-15 07:57 - 2015-03-13 11:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-04-15 07:57 - 2015-03-13 11:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-04-15 07:57 - 2015-03-13 11:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-04-15 07:57 - 2015-03-13 11:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-04-15 07:57 - 2015-03-13 11:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-04-15 07:57 - 2015-03-13 11:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-04-15 07:57 - 2015-03-13 10:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-04-15 07:57 - 2015-03-13 10:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-04-15 07:57 - 2015-03-13 10:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-04-15 07:57 - 2015-03-13 10:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-04-15 07:57 - 2015-03-13 10:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-04-15 07:57 - 2015-03-13 10:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-04-15 07:57 - 2015-03-13 10:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-04-15 07:57 - 2015-03-13 10:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-04-15 07:57 - 2015-03-13 10:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-04-15 07:57 - 2015-03-13 10:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-04-15 07:53 - 2015-03-24 05:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-04-15 07:53 - 2015-03-24 05:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-04-15 07:53 - 2015-03-24 05:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
    2015-04-15 07:53 - 2015-03-24 05:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-04-15 07:53 - 2015-03-24 05:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
    2015-04-15 07:53 - 2015-03-20 12:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2015-04-15 07:53 - 2015-03-20 12:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2015-04-15 07:53 - 2015-03-20 12:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
    2015-04-15 07:53 - 2015-03-20 11:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
    2015-04-15 07:53 - 2015-03-20 10:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
    2015-04-15 07:53 - 2015-03-20 10:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2015-04-15 07:53 - 2015-03-20 10:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2015-04-15 07:53 - 2015-03-14 16:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2015-04-15 07:53 - 2015-03-14 16:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2015-04-15 07:52 - 2015-03-13 10:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2015-04-15 07:52 - 2015-03-13 10:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
    2015-04-15 07:52 - 2015-02-21 07:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
    2015-04-15 07:47 - 2015-03-14 16:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-04-15 07:47 - 2015-03-14 09:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2015-04-15 07:47 - 2015-03-14 09:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-04-15 07:47 - 2015-03-14 09:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
    2015-04-15 07:47 - 2015-03-14 09:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2015-04-15 07:47 - 2015-03-14 09:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2015-04-15 07:47 - 2015-03-14 08:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-04-15 07:47 - 2015-03-14 08:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-04-15 07:47 - 2015-03-14 08:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-04-15 07:47 - 2015-03-14 08:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2015-04-15 07:47 - 2015-03-14 08:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-04-15 07:47 - 2015-03-14 08:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-04-15 07:47 - 2015-03-14 08:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-04-15 07:47 - 2015-03-14 08:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-04-15 07:47 - 2015-03-14 08:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-04-15 07:47 - 2015-03-14 08:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-04-15 07:47 - 2015-03-14 07:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-04-15 07:47 - 2015-03-14 07:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-04-15 07:47 - 2015-03-04 18:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2015-04-15 07:47 - 2015-03-04 11:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
    2015-04-15 07:47 - 2015-03-04 10:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
    2015-04-15 07:47 - 2015-02-24 16:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2015-04-15 07:45 - 2015-03-23 06:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2015-04-15 07:45 - 2015-03-23 06:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2015-04-15 07:45 - 2015-03-23 06:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-04-15 07:45 - 2015-03-23 06:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2015-04-15 07:45 - 2015-03-23 06:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-04-15 07:45 - 2015-03-23 06:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2015-04-15 07:45 - 2015-03-23 06:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-04-14 07:13 - 2015-04-14 07:15 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-04-14 07:13 - 2015-04-14 07:13 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-04-13 11:00 - 2015-04-13 11:00 - 00016744 _____ () C:\Users\David\Desktop\My EndNote Library.enlx
    2015-04-13 10:00 - 2015-04-27 12:34 - 00012726 _____ () C:\Users\David\Desktop\My EndNote Library.enl
    2015-04-13 10:00 - 2015-04-13 10:00 - 00000000 ____D () C:\Users\David\Desktop\My EndNote Library.Data
    2015-04-09 14:11 - 2015-04-09 14:11 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
    2015-04-07 12:45 - 2015-04-13 10:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\EndNote
    2015-04-07 12:39 - 2015-04-07 12:39 - 00293856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
    2015-04-07 11:15 - 2015-04-13 10:17 - 00000000 ____D () C:\Users\Public\Documents\EndNote
    2015-04-07 11:15 - 2015-04-13 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
    2015-04-07 11:15 - 2015-04-13 10:17 - 00000000 ____D () C:\Program Files (x86)\EndNote X7
    2015-04-07 11:14 - 2015-04-13 10:17 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
    2015-04-07 10:51 - 2015-04-07 11:11 - 82100224 _____ () C:\Users\David\Desktop\ENX7Inst.exe
    2015-04-03 09:34 - 2015-04-03 09:34 - 00137184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-03 18:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-03 17:59 - 2013-11-06 15:52 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0C100E13-F51E-4909-90D3-7EF169B5BC0A}
    2015-05-03 17:59 - 2013-03-29 12:31 - 00000000 ____D () C:\Program Files\Common Files\WiTopia
    2015-05-03 17:49 - 2015-01-08 20:25 - 01426679 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-03 17:19 - 2014-09-13 10:19 - 00001702 _____ () C:\WINDOWS\Tasks\DNOHWYCD.job
    2015-05-03 17:18 - 2014-09-16 07:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-03 17:17 - 2014-09-13 10:20 - 00001348 _____ () C:\WINDOWS\Tasks\HVR.job
    2015-05-03 17:10 - 2014-09-16 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-03 17:05 - 2013-09-22 08:19 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-03 17:04 - 2013-05-25 08:24 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-03 17:04 - 2013-05-25 08:24 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-03 16:52 - 2013-09-30 12:04 - 00338236 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-05-03 16:52 - 2013-02-04 08:55 - 00000000 ____D () C:\ProgramData\MFAData
    2015-05-03 08:59 - 2012-12-25 02:49 - 00000000 ____D () C:\Users\David\AppData\Local\Packages
    2015-05-02 15:46 - 2015-03-30 14:16 - 00000000 ____D () C:\Users\David\Desktop\Dillon
    2015-05-01 18:07 - 2012-12-25 02:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1250180184-3280715487-3860909446-1001
    2015-05-01 12:07 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-04-30 17:17 - 2014-02-22 18:42 - 00000000 ___DO () C:\Users\David\SkyDrive
    2015-04-30 17:15 - 2015-01-09 08:15 - 00015342 _____ () C:\WINDOWS\setupact.log
    2015-04-30 17:15 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-04-30 17:15 - 2013-03-26 16:18 - 00000000 ____D () C:\iNodeLog
    2015-04-30 17:14 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-04-30 17:13 - 2014-08-21 08:10 - 00000023 _____ () C:\model.bat
    2015-04-30 09:40 - 2014-10-30 12:34 - 00000000 ___RD () C:\Users\David\Google Drive
    2015-04-28 14:06 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2015-04-28 14:00 - 2015-02-28 02:55 - 00009072 _____ () C:\WINDOWS\PFRO.log
    2015-04-28 13:56 - 2014-11-12 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-04-28 13:56 - 2012-07-26 16:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
    2015-04-28 13:48 - 2013-11-11 12:20 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-04-28 13:48 - 2012-08-18 19:20 - 00000000 ____D () C:\Program Files (x86)\Toshiba
    2015-04-28 13:48 - 2012-08-18 19:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-28 12:44 - 2015-03-25 16:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-23 14:52 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppCompat
    2015-04-20 08:40 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
    2015-04-19 18:11 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-04-19 09:08 - 2014-12-12 16:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser
    2015-04-19 09:08 - 2014-07-13 07:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2015-04-19 09:06 - 2013-07-21 22:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-04-19 08:57 - 2013-01-02 06:41 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-04-16 07:44 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-04-15 08:05 - 2013-09-22 08:19 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-04-15 07:45 - 2014-11-12 08:28 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
    2015-04-14 07:24 - 2014-11-12 10:32 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-04-14 07:24 - 2014-11-12 10:32 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-13 10:17 - 2013-11-06 14:35 - 00000000 ____D () C:\Users\David

    ==================== Files in the root of some directories =======

    2014-09-01 16:18 - 2014-09-01 16:18 - 0001248 _____ () C:\Users\David\AppData\Roaming\DNOHWYCD
    2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\David\AppData\Roaming\HVR
    2013-11-30 13:44 - 2014-06-20 14:22 - 0003584 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-10 19:49 - 2012-09-10 19:49 - 0001050 ____H () C:\Users\David\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
    2013-03-29 08:06 - 2015-02-06 07:53 - 0004594 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\David\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\David\AppData\Local\Temp\Risweb32.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-30 20:55

    ==================== End Of Log ============================



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
    Ran by David at 2015-05-03 18:02:17
    Running from C:\Users\David\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1250180184-3280715487-3860909446-500 - Administrator - Disabled)
    David (S-1-5-21-1250180184-3280715487-3860909446-1001 - Administrator - Enabled) => C:\Users\David
    Guest (S-1-5-21-1250180184-3280715487-3860909446-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1250180184-3280715487-3860909446-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
    Amazon Kindle (HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\Amazon Kindle) (Version: - Amazon)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
    AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
    Baseball Mogul 2009 (HKLM-x32\...\{9A3071D0-B51E-11DD-72AE-01EFE8642CD6}) (Version: 11.24 - Sports Mogul Inc.)
    Baseball Mogul 2015 (HKLM-x32\...\{D4A59790-C1A8-11E3-01EB-70F1B71F26E9}) (Version: 17.13 - Sports Mogul Inc.)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Chinese Simplified Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DJ_AIO_04_F735_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.3.0.8536 - Thomson Reuters)
    EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version: - SEIKO EPSON Corporation)
    e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
    F735 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
    Fuze Meeting (HKLM-x32\...\{D2968FDC-A688-4784-89B3-5269E1470A81}) (Version: 13.12.3282 - Fuze Box, Inc.)
    GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
    Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
    Heroes of Might and Magic V Bundle (HKLM-x32\...\GOGPACKHOMM5_is1) (Version: 2.0.0.22 - GOG.com)
    Houlo Video Downloader (HKLM-x32\...\Houlo Video Downloader) (Version: - )
    HP Deskjet F735 All-in-one Driver Software 14.0 Rel. 6 (HKLM\...\{C1EBBC83-74C2-48FA-B4A6-4B42E9A74ED4}) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    I Love Math! (HKLM-x32\...\{AB067CB3-FBF0-45C8-8638-07DB60888D77}) (Version: 1.1 - Avanquest North America Inc.)
    iNode Intelligent Client (HKLM-x32\...\{2DBC9F17-9894-4220-9A9C-2CF7AA59E0FD}) (Version: 5.10.0301 - H3C)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Medal of Honor - Allied Assault War Chest (HKLM-x32\...\GOGPACKMEDALOFHONORPACK_is1) (Version: 2.0.0.21 - GOG.com)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft Office 校对工具 2013 - 简体中文 (HKLM-x32\...\{90150000-001F-0804-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
    Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
    Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
    Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.28.2013.0912 - REALTEK Semiconductor Corp)
    Realtek Bluetooth Filter Driver Package (x32 Version: 12.28.2013.0912 - REALTEK Semiconductor Corp) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
    REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
    ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    SecEditCtl.BOC (only remove) (HKLM-x32\...\SecEditCtl.BOC01000009) (Version: - CFCA)
    Should I Remove It (HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
    Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
    Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
    Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.800 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124 - Toshiba Corporation)
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1479.1 - Microsoft Corporation) Hidden
    Update for Zip Opener (HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\DSite) (Version: - ) <==== ATTENTION
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.1.9.178 - WiTopia)
    中国电信10000管家 (HKLM-x32\...\SepanderSoft) (Version: 2.0 - 中国电信)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    14-04-2015 07:11:49 Windows Update
    18-04-2015 09:56:32 Windows Update
    25-04-2015 20:10:17 Scheduled Checkpoint
    28-04-2015 12:39:46 Restore Operation

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0394DD17-CC75-42A4-BA87-BC98549A9655} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-24] ()
    Task: {18A988FC-A47A-401D-AA73-90A6E8D3C687} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {1AA6EFD7-26E1-445A-ACE6-65D9D0AD2CEA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {1F04A233-A2D5-4616-A0A2-87D42FF5ADCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
    Task: {282A04FB-1065-471E-951F-43444575FA99} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {36A567DD-4368-4D37-87FF-D7E3D7E5CA59} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
    Task: {3809A48B-3125-4AB9-8E17-8FCCB60D6776} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
    Task: {3C46DDDC-A085-4750-A38D-7824923F9D29} - System32\Tasks\{41F06661-1259-44B0-BC5C-D30C55EBA295} => pcalua.exe -a "C:\Sports Mogul\Uninst_Baseball Mogul 2009.exe" -d "C:\Sports Mogul"
    Task: {3DEB2D6C-4D1D-498C-9529-3E5E428B7C96} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
    Task: {5CAE9D37-823D-4989-A6E1-10A22A5B3619} - System32\Tasks\{DE17CD5A-6B8F-4D5C-A9A1-D9970F6FB9A6} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{0CC0980D-811D-43B8-A455-8D150EB5BC0D}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
    Task: {685070F8-6027-48D1-844D-75A8CDF5EFE6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
    Task: {723C6C72-4449-4A61-AB4C-53EB776D06E6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {81A4BBA5-4A13-478A-89B4-D6EA6F91DD05} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {859CC442-3323-42CD-B989-D62A07D20AA3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {8AF46E83-AA64-44CC-AC24-93783EC60DA7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {90AE3266-FCB1-4590-8047-CA90230D96DA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {94546F8B-7C07-4F4F-81E0-04535DC1A958} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
    Task: {A6A8D126-F3C5-4069-BF44-A371E1AD1EDE} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1250180184-3280715487-3860909446-1001
    Task: {B0D9FFC3-369F-41C3-899C-860BC2460B20} - System32\Tasks\DNOHWYCD => C:\Users\David\AppData\Roaming\DNOHWYCD.exe <==== ATTENTION
    Task: {B4EA0689-4225-485B-A8DD-61DCEBE1FE8E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {C815EB17-D305-4944-95A4-112932AFE249} - System32\Tasks\HVR => C:\Users\David\AppData\Roaming\HVR.exe <==== ATTENTION
    Task: {D76547F6-E479-4B30-90CF-BCE39FBC6778} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {F6328A0F-2274-4F34-BAEA-591BE4E6837E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {FD52B4E9-20B4-41A8-BA25-28F8A691304B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {FDEA6BED-873F-4F12-B76C-671A601E0B93} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DNOHWYCD.job => C:\Users\David\AppData\Roaming\DNOHWYCD.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HVR.job => C:\Users\David\AppData\Roaming\HVR.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2011-10-14 06:38 - 2011-10-14 06:38 - 00156672 _____ () C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
    2014-03-27 06:42 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-05-10 16:44 - 2012-01-11 10:00 - 00656800 _____ () C:\Program Files (x86)\iNode\iNode Client\AuthenMngService.exe
    2013-05-10 16:44 - 2012-01-11 10:01 - 00173472 _____ () C:\Program Files (x86)\iNode\iNode Client\iNodeMon.exe
    2015-03-15 08:38 - 2015-01-27 23:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2012-08-06 21:36 - 2012-08-06 21:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-08-03 10:01 - 2012-10-15 12:27 - 00345960 _____ () C:\Program Files (x86)\SepanderSoft\XbTray.exe
    2014-11-29 13:53 - 2014-11-29 12:26 - 00021864 _____ () C:\Program Files (x86)\SepanderSoft\AppShare.dll
    2013-05-10 16:44 - 2012-01-11 10:01 - 00718240 _____ () C:\Program Files (x86)\iNode\iNode Client\inode_utility.dll
    2013-05-10 16:44 - 2012-01-11 10:01 - 01627552 _____ () C:\Program Files (x86)\iNode\iNode Client\SecurityAuth.dll
    2013-05-10 16:44 - 2010-06-10 16:07 - 00157088 _____ () C:\Program Files (x86)\iNode\iNode Client\BDI_API.dll
    2013-05-10 16:44 - 2010-06-10 16:08 - 00087456 _____ () C:\Program Files (x86)\iNode\iNode Client\esfp_api.dll
    2013-05-10 16:44 - 2012-01-11 10:01 - 00576416 _____ () C:\Program Files (x86)\iNode\iNode Client\iNodeUtil.dll
    2013-05-10 16:44 - 2010-06-10 16:07 - 00062880 _____ () C:\Program Files (x86)\iNode\iNode Client\dmcryptlib.dll
    2013-05-10 16:44 - 2010-06-10 16:07 - 00886176 _____ () C:\Program Files (x86)\iNode\iNode Client\DMSSLEAY.dll
    2013-05-10 16:44 - 2012-01-11 10:02 - 00136608 _____ () C:\Program Files (x86)\iNode\iNode Client\X1Pt.dll
    2012-11-13 22:15 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2013-08-03 10:01 - 2012-06-01 12:49 - 01297256 _____ () C:\Program Files (x86)\SepanderSoft\floatnetmon.dll
    2014-11-29 13:53 - 2014-11-29 12:28 - 00150304 _____ () C:\Program Files (x86)\SepanderSoft\NetBackup.dll
    2014-11-29 13:53 - 2014-11-29 12:27 - 00041304 _____ () C:\Program Files (x86)\SepanderSoft\DLoader.dll
    2014-11-29 13:53 - 2014-11-29 12:27 - 00075624 _____ () C:\Program Files (x86)\SepanderSoft\json.dll
    2014-11-29 13:53 - 2014-11-29 12:29 - 00487784 _____ () C:\Program Files (x86)\SepanderSoft\nethelp\popui.dll
    2014-09-25 17:25 - 2014-11-13 08:52 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
    2014-09-12 17:43 - 2014-09-12 17:43 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
    2015-05-01 15:05 - 2015-04-28 10:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
    2015-05-01 15:05 - 2015-04-28 10:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
    2015-05-01 15:05 - 2015-04-28 10:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00459278 _____ () C:\Program Files\WiTopia\Resources\cyggcrypt-11.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00904221 _____ () C:\Program Files\WiTopia\Resources\cyggnutls-28.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00080910 _____ () C:\Program Files\WiTopia\Resources\cyggcc_s-1.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00014350 _____ () C:\Program Files\WiTopia\Resources\cyggpg-error-0.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00324622 _____ () C:\Program Files\WiTopia\Resources\cyggmp-3.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00159261 _____ () C:\Program Files\WiTopia\Resources\cyghogweed-2.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00179229 _____ () C:\Program Files\WiTopia\Resources\cygnettle-4.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00053774 _____ () C:\Program Files\WiTopia\Resources\cygp11-kit-0.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00067101 _____ () C:\Program Files\WiTopia\Resources\cygtasn1-6.dll
    2014-07-06 21:07 - 2014-06-06 02:17 - 00074269 _____ () C:\Program Files\WiTopia\Resources\cygz.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\David\SkyDrive.old:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\bankofchina.com -> hxxp://www.bankofchina.com
    IE trusted site: HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\boc.cn -> hxxps://ebs.boc.cn


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 10.118.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"
    HKLM\...\StartupApproved\Run: => "TCrdMain"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\StartupApproved\StartupFolder: => "wandoujia_helper.lnk"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\StartupApproved\StartupFolder: => "IDriveSync.lnk"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\StartupApproved\Run: => "Boxcryptor.exe"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{F2079B00-7D8C-45F1-986A-E341A9884FD1}] => (Allow) C:\Program Files (x86)\WandouLabs\wandoujia2.exe
    FirewallRules: [{B7486603-7E8F-4CD3-B1F8-71516D90ED18}] => (Allow) C:\Program Files (x86)\WandouLabs\wandoujia2.exe
    FirewallRules: [{032DC518-B520-4C98-BE47-57843BA38FAB}] => (Allow) C:\Program Files (x86)\iNode\iNode Client\AuthenMngService.exe
    FirewallRules: [{E3CDD57E-79DD-4FDE-B6BA-EA5353AC75D6}] => (Allow) C:\Program Files (x86)\iNode\iNode Client\AuthenMngService.exe
    FirewallRules: [{C124FE7D-85A2-4EAF-8CCC-039643BC80F3}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{0127413B-11BC-4B18-9106-490E60BD99FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{9D633D27-7DCC-4479-B2A6-2462642474F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{6F857DFC-1E3C-47FA-8579-20B3EFDF2103}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{9CCAF301-1D66-47C2-8BD7-AD39F7EE3500}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{EABA575D-6013-4824-8EAD-6256C226E16A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{33018318-4D44-41CB-A855-CAA0F52A2275}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{4F5C5D4E-33B4-4718-8252-A2057B753FCE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{25A7A24C-5217-47EB-B9FF-CD4831F5F946}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{6F1500F1-7ED5-4794-B584-28890DDE1ADD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{357FB4C0-D107-42E4-81AF-D60092B584FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{DEF05447-EB06-4AC7-AB8F-3F946D5936A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{88186D65-F910-4DDA-8679-271689693384}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{E190DAD3-FC50-4701-BA2C-891E882C231F}] => (Allow) C:\Users\David\AppData\Local\Temp\7zS41CD\hppiw.exe
    FirewallRules: [{3DF14C71-5A62-4306-85EA-E53B6596450D}] => (Allow) C:\Users\David\AppData\Local\Temp\7zS41CD\hppiw.exe
    FirewallRules: [{7AD4F514-2CDD-4020-9F71-D242D5BFD76E}] => (Allow) LPort=9019
    FirewallRules: [{E0C97041-DB87-4319-A3E9-B0A123C8D2E7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    FirewallRules: [{CF306980-D066-4CF0-A992-87E4B9A18266}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    FirewallRules: [{59BB8528-E613-492A-B298-5AA67069F698}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{99D748D7-B919-477F-BB57-A6B8AFFDC9DB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{8D61503D-49DA-4B9C-8F28-0F22E480EE88}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{074C9B8B-42AA-4CE0-AF07-026251728F1E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{EFF2DF73-FA81-49B1-8096-6B92309977B6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{09EF334F-6B43-4D35-9E21-678015D79834}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [TCP Query User{05C911CC-DF2A-47BC-BB4A-96D5D1907CA2}C:\gog games\medal of honor - allied assault war chest\mohaa.exe] => (Allow) C:\gog games\medal of honor - allied assault war chest\mohaa.exe
    FirewallRules: [UDP Query User{902267C4-9139-4176-BD67-677BDA421833}C:\gog games\medal of honor - allied assault war chest\mohaa.exe] => (Allow) C:\gog games\medal of honor - allied assault war chest\mohaa.exe
    FirewallRules: [{0690DD0D-2148-43CE-BB27-530B7594F301}] => (Block) C:\gog games\medal of honor - allied assault war chest\mohaa.exe
    FirewallRules: [{0148AFA7-B4F4-4C21-BBB4-1B314C6DA011}] => (Block) C:\gog games\medal of honor - allied assault war chest\mohaa.exe
    FirewallRules: [TCP Query User{16F05C6C-E58D-4E96-94FE-3DE4D38AAE51}C:\users\david\appdata\local\fuze box\fuze meeting\fuze_meeting.exe] => (Allow) C:\users\david\appdata\local\fuze box\fuze meeting\fuze_meeting.exe
    FirewallRules: [UDP Query User{02EFBFE5-B111-4DA1-8EC6-3ACA4BB539CD}C:\users\david\appdata\local\fuze box\fuze meeting\fuze_meeting.exe] => (Allow) C:\users\david\appdata\local\fuze box\fuze meeting\fuze_meeting.exe
    FirewallRules: [{610ABA49-B78A-4926-8A6C-E6207A3F741F}] => (Allow) C:\Users\David\AppData\Roaming\IDriveSync\IDriveSync_Service.exe
    FirewallRules: [{EF1FCE3D-EA66-46EE-BD35-A69FAC98F015}] => (Allow) C:\Users\David\AppData\Roaming\IDriveSync\IDriveSync_Service.exe
    FirewallRules: [{172EAA20-7864-49F5-AEEE-4420645834C5}] => (Allow) C:\Users\David\AppData\Roaming\IDriveSync\idevsutil.exe
    FirewallRules: [{0B7C54EB-4A3D-4E5A-91C2-D7363FC4763F}] => (Allow) C:\Users\David\AppData\Roaming\IDriveSync\idevsutil.exe
    FirewallRules: [{FB7C4493-C377-454D-B66F-F45C710E6811}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{AD8DD442-4F53-4965-9759-A7A47326442E}] => (Allow) LPort=2869
    FirewallRules: [{0BA29A9D-45DD-434C-BA41-55ACBBDF90F0}] => (Allow) LPort=1900
    FirewallRules: [{A64B6AD6-1CEB-4A88-88BF-124ABAEB0C0A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{99FA44F3-BF1A-4CB0-8D89-7BC09C5D8721}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{FF8B1720-A6D2-4838-8EE9-0E58D28F968A}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
    FirewallRules: [{3CCD7604-78CF-4C12-9F10-17351EE03E46}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
    FirewallRules: [{E221CDC4-670B-448B-BB1D-6BC67DB1DF58}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
    FirewallRules: [{765738E7-91AE-4843-930C-3009ADFBDABB}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
    FirewallRules: [{CFE2A06D-7C49-42A2-A7E5-CD4F6FBC0F64}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
    FirewallRules: [{C361D2F7-8C12-46E8-937C-CE29BB2DC576}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
    FirewallRules: [{D6103C84-B153-4E01-8E3E-B084D6376768}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
    FirewallRules: [{CA2B9A46-2768-46EC-BD1F-8F76131CB9DF}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
    FirewallRules: [{9DC36349-3C71-4D26-8DEA-D103D95C8222}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B5E6AC19-C8CE-4E04-A0CC-DD3B5A885B2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{D90AC436-A1EA-42F6-8FD9-5F3FA93B05F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{27CC2B38-9A90-4007-9DBC-3028EDDA977D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{77DD5580-1470-4E50-9701-DDDBFB45D06E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{97E91DD3-4D88-460D-BE28-E843C427FD0D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{25256A52-0706-4887-81AD-19280178F5BA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{343AB200-0AD5-4AE8-A580-559FF82E9AA8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{4012AFF1-72E8-43D5-95F8-BF69453B340E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{E4C6A0E4-1A7F-40F7-97C5-F921004BA75D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{1F4DDDBD-90E4-4207-B6D7-B6118DF54BFA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{0EA8058F-F3A8-4D0E-B208-7C0B22FF9934}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{4C6A284E-202B-4DD4-BAC9-A4A712266463}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: StorLib bus (virtual storages support)
    Description: StorLib bus (virtual storages support)
    Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
    Manufacturer: Synaptics
    Service: SSCBFS3
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/03/2015 04:32:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2174

    Start Time: 01d084e4cccde8b3

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 5bd73df5-f10a-11e4-bfe7-24ec99fa0948

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/03/2015 04:32:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1b08

    Start Time: 01d084e4ccce0fbd

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\syswow64\wwahost.exe

    Report Id: 5d1b01b7-f10a-11e4-bfe7-24ec99fa0948

    Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

    Faulting package-relative application ID: App

    Error: (05/02/2015 09:59:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BB2K15.exe, version: 17.1.3.0, time stamp: 0x5387cdf0
    Faulting module name: BB2K15.exe, version: 17.1.3.0, time stamp: 0x5387cdf0
    Exception code: 0xc0000005
    Fault offset: 0x0013de39
    Faulting process id: 0x2694
    Faulting application start time: 0xBB2K15.exe0
    Faulting application path: BB2K15.exe1
    Faulting module path: BB2K15.exe2
    Report Id: BB2K15.exe3
    Faulting package full name: BB2K15.exe4
    Faulting package-relative application ID: BB2K15.exe5

    Error: (05/01/2015 01:50:56 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (05/01/2015 01:37:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2204

    Start Time: 01d083d02542014b

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 18adf1a0-efc4-11e4-bfe7-24ec99fa0948

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/01/2015 01:37:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1d54

    Start Time: 01d083d02559d8e4

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\syswow64\wwahost.exe

    Report Id: 18725605-efc4-11e4-bfe7-24ec99fa0948

    Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

    Faulting package-relative application ID: App

    Error: (05/01/2015 01:34:11 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

    Error: (04/30/2015 09:25:19 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={7C5E60E0-2CF1-44F6-843B-177F7070B066}: The user SYSTEM dialed a connection named US - San Francisco which has failed. The error code returned on failure is 0.

    Error: (04/30/2015 05:55:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (04/30/2015 05:14:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GODUCKS)
    Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (05/01/2015 01:33:45 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:32:41 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:31:42 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:30:39 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:28:43 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:27:41 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:16:08 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:16:04 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:09:35 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (05/01/2015 01:08:34 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    Microsoft Office Sessions:
    =========================
    Error: (05/03/2015 04:32:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: LiveComm.exe17.5.9600.20689217401d084e4cccde8b34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe5bd73df5-f10a-11e4-bfe7-24ec99fa0948microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/03/2015 04:32:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wwahost.exe6.3.9600.174151b0801d084e4ccce0fbd4294967295C:\WINDOWS\syswow64\wwahost.exe5d1b01b7-f10a-11e4-bfe7-24ec99fa0948Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

    Error: (05/02/2015 09:59:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BB2K15.exe17.1.3.05387cdf0BB2K15.exe17.1.3.05387cdf0c00000050013de39269401d0847b5b8958dbC:\Sports Mogul\Baseball Mogul 2015\BB2K15.exeC:\Sports Mogul\Baseball Mogul 2015\BB2K15.exee53bfd26-f06e-11e4-bfe7-24ec99fa0948

    Error: (05/01/2015 01:50:56 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files\CCleaner\CCleaner.exe

    Error: (05/01/2015 01:37:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: LiveComm.exe17.5.9600.20689220401d083d02542014b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe18adf1a0-efc4-11e4-bfe7-24ec99fa0948microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

    Error: (05/01/2015 01:37:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wwahost.exe6.3.9600.174151d5401d083d02559d8e44294967295C:\WINDOWS\syswow64\wwahost.exe18725605-efc4-11e4-bfe7-24ec99fa0948Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

    Error: (05/01/2015 01:34:11 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files\CCleaner\CCleaner.exe

    Error: (04/30/2015 09:25:19 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: {7C5E60E0-2CF1-44F6-843B-177F7070B066}SYSTEMUS - San Francisco0

    Error: (04/30/2015 05:55:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (04/30/2015 05:14:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GODUCKS)
    Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People-2144927141


    CodeIntegrity Errors:
    ===================================
    Date: 2014-11-29 11:24:59.413
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-29 11:14:01.409
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-29 10:18:45.190
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-29 10:03:29.788
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-29 09:50:21.033
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-29 09:34:49.573
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-11-29 08:44:17.079
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-28 19:50:35.948
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-28 19:33:22.518
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-28 19:24:47.161
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 40%
    Total physical RAM: 8075.22 MB
    Available physical RAM: 4811.16 MB
    Total Pagefile: 9931.22 MB
    Available Pagefile: 5892.42 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (TI10648300K) (Fixed) (Total:688.11 GB) (Free:560.26 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     


  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thanks for those logs, continue as follows:

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

    Next,

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Scan
    • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
    • You will get a prompt asking to close all programs. Click OK.
    • Click OK again to reboot your computer.
    • A text file will open after the restart. Please post the content of that logfile in your reply.
    • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.

    Next,

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Next,

    Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.
    Be sure to get the correct version for your system:
    32 Bit version:
    https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
    64 Bit version:
    https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

    Right-click on the tool and select "Run as Administrator"; the tool will expand to the options window.
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.
    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\mrt.log

    Let me see those logs, also give an update on any remaining issues or concerns...

    Thank you,

    Kevin..
     


  7. OregonFan

    OregonFan Thread Starter

    Joined:
    Mar 9, 2015
    Messages:
    18
    Thanks, I appreciate it a lot. Here are the logs.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
    Ran by David at 2015-05-04 18:46:34 Run:1
    Running from C:\Users\David\Desktop
    Loaded Profiles: David (Available profiles: David)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\RunOnce: [Adobe Speed Launcher] => 1430449982
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\MountPoints2: {1f48534d-9eb4-11e3-bf3e-24ec99fa0948} - "D:\AutoRun.exe"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\MountPoints2: {fa2a58cf-8af3-11e3-bf2f-24ec99fa0948} - "D:\AutoRun.exe"
    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\...\MountPoints2: {fa2a5904-8af3-11e3-bf2f-24ec99fa0948} - "D:\AutoRun.exe"
    FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\uysx1q7t.default\user.js [2013-11-11]
    S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
    S1 xkmodurl; \??\C:\Program Files (x86)\SepanderSoft\xkmodurl64.sys [X]
    C:\Users\David\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\David\AppData\Local\Temp\Risweb32.exe
    Task: {B0D9FFC3-369F-41C3-899C-860BC2460B20} - System32\Tasks\DNOHWYCD => C:\Users\David\AppData\Roaming\DNOHWYCD.exe <==== ATTENTION
    C:\Users\David\AppData\Roaming\DNOHWYCD.exe
    Task: {C815EB17-D305-4944-95A4-112932AFE249} - System32\Tasks\HVR => C:\Users\David\AppData\Roaming\HVR.exe <==== ATTENTION
    C:\Users\David\AppData\Roaming\HVR.exe
    Task: C:\WINDOWS\Tasks\DNOHWYCD.job => C:\Users\David\AppData\Roaming\DNOHWYCD.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\HVR.job => C:\Users\David\AppData\Roaming\HVR.exe <==== ATTENTION
    AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\David\SkyDrive.old:ms-properties
    end



    *****************

    HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
    "HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f48534d-9eb4-11e3-bf3e-24ec99fa0948}" => Key deleted successfully.
    HKCR\CLSID\{1f48534d-9eb4-11e3-bf3e-24ec99fa0948} => Key not found.
    "HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa2a58cf-8af3-11e3-bf2f-24ec99fa0948}" => Key deleted successfully.
    HKCR\CLSID\{fa2a58cf-8af3-11e3-bf2f-24ec99fa0948} => Key not found.
    "HKU\S-1-5-21-1250180184-3280715487-3860909446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa2a5904-8af3-11e3-bf2f-24ec99fa0948}" => Key deleted successfully.
    HKCR\CLSID\{fa2a5904-8af3-11e3-bf2f-24ec99fa0948} => Key not found.
    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\uysx1q7t.default\user.js => Moved successfully.
    ew_hwusbdev => Service deleted successfully.
    huawei_cdcacm => Service deleted successfully.
    huawei_cdcecm => Service deleted successfully.
    huawei_enumerator => Service deleted successfully.
    huawei_ext_ctrl => Service deleted successfully.
    xkmodurl => Service deleted successfully.
    C:\Users\David\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\Risweb32.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0D9FFC3-369F-41C3-899C-860BC2460B20}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0D9FFC3-369F-41C3-899C-860BC2460B20}" => Key deleted successfully.
    C:\Windows\System32\Tasks\DNOHWYCD => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNOHWYCD" => Key deleted successfully.
    "C:\Users\David\AppData\Roaming\DNOHWYCD.exe" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C815EB17-D305-4944-95A4-112932AFE249}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C815EB17-D305-4944-95A4-112932AFE249}" => Key deleted successfully.
    C:\Windows\System32\Tasks\HVR => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HVR" => Key deleted successfully.
    "C:\Users\David\AppData\Roaming\HVR.exe" => File/Directory not found.
    C:\WINDOWS\Tasks\DNOHWYCD.job => Moved successfully.
    C:\WINDOWS\Tasks\HVR.job => Moved successfully.
    C:\Users\David\SkyDrive => ":ms-properties" ADS removed successfully.
    "C:\Users\David\SkyDrive.old" => ":ms-properties" ADS not found.

    ==== End of Fixlog 18:46:35 ====










    # AdwCleaner v2.306 - Logfile created 08/12/2013 at 16:58:37
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 8 (64 bits)
    # User : David - GODUCKS
    # Boot Mode : Normal
    # Running from : C:\Users\David\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : DefaultTabSearch
    Stopped & Deleted : DefaultTabUpdate

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\user.js
    File Deleted : C:\Users\David\AppData\Local\Temp\Uninstall.exe
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Common Files\spigot
    Folder Deleted : C:\Program Files (x86)\DefaultTab
    Folder Deleted : C:\Program Files (x86)\PricePeep
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\David\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    Folder Deleted : C:\Users\David\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\David\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\David\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Deleted : C:\Users\David\AppData\Roaming\DefaultTab
    Folder Deleted : C:\Users\David\AppData\Roaming\DSite

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
    Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    [OK] Registry is clean.

    -\\ Google Chrome v28.0.1500.95

    File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [11344 octets] - [12/08/2013 16:58:37]

    ########## EOF - C:\AdwCleaner[S1].txt - [11405 octets] ##########





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.6.7 (04.30.2015:1)
    OS: Windows 8.1 x64
    Ran by David on Mon 05/04/2015 at 19:39:07.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1250180184-3280715487-3860909446-1001
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1250180184-3280715487-3860909446-500
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-800098255-4063647713-633746628-500



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\WINDOWS\wininit.ini
    Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERDISPATCH.EXE-86147BFB.pf



    ~~~ Folders

    Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin



    ~~~ FireFox

    Successfully deleted the following from C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\uysx1q7t.default\prefs.js

    user_pref(extensions.zonealarm.hmpgUrl, hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=ea3ab1cbda1c428782391d319f6e7792&tu=10G9y00At2C01g0&sku=&tstsId=&ver=&);
    user_pref(extensions.zonealarm.kw_url, hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&gu=ea3ab1cbda1c428782391d319f6e7792&tu=10G9y00At2C01g0&sku=&tstsId=&ver
    user_pref(extensions.zonealarm.tlbrSrchUrl, hxxp://search.zonealarm.com/search?src=tb&tbid=goughGA&Lan={dfltLng}&gu=ea3ab1cbda1c428782391d319f6e7792&tu=10G9y00At2C01g0&sku=





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 05/04/2015 at 19:42:59.13
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~













     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thanks for those logs. Did you also run MSRT? Can I see that log? Also let me know if there are any remaining issues or concerns.

    Kevin...
     
  9. OregonFan

    OregonFan Thread Starter

    Joined:
    Mar 9, 2015
    Messages:
    18
    Here is that log attached. Everything seems fine. Many thanks again.
     

    Attached Files:

    • mrt.log
      File size:
      297.7 KB
      Views:
      1
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thanks for the update. If there are no remaining issues or concerns, continue as follows:

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

    Next,

    Download "Delfix by Xplode" and save it to your desktop.

    Or use the following if first link is down:

    "Delfix link mirror"

    Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

    Make Sure the following items are checked:


    • Remove disinfection tools
    • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
    • Reset system settings

    Now click on "Run" and wait patiently until the tool has completed.

    The tool will create a log when it has completed. We don't need you to post this.

    Any remnant files/logs from tools we have used can be deleted…

    Next,

    Read the following link to fully understand PC security and best practices, you may find it useful....

    http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

    If no issues remain hit the "Mark Solved" tab at the top of the thread....

    Thank you,

    Kevin...
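
The check for leftover Java versions in Programs and Features, described in the post above, can also be done from PowerShell. This is an added example, not part of the original thread; the function name and the DisplayName pattern are assumptions made for illustration.

```powershell
# Added example (not from the thread). Reads the Uninstall registry keys that
# back "Programs and Features" and lists every registered Java entry.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'              # native view
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 32-bit view on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'              # per-user installs
)

# Assumption: Java runtimes and JDKs register a DisplayName that begins
# "Java <number>", "Java(TM) <number>" or "Java SE ...".
$JavaNamePattern = '^Java(\(TM\))? (\d+|SE)\b'

function Get-InstalledJava {
    # Hypothetical helper name. Returns one object per Java entry found.
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $JavaNamePattern } |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.DisplayName
                # A missing or malformed DisplayVersion becomes $null instead of throwing
                Version = $_.DisplayVersion -as [version]
                View    = if ($_.PSPath -like '*WOW6432Node*') { '32-bit' } else { 'native' }
                Status  = ''
            }
        }

    # Highest version among the installed entries. This is not a check against
    # the latest release; the vendor's site remains the reference for that.
    $newest = $entries | Where-Object Version | Sort-Object Version -Descending |
        Select-Object -First 1 -ExpandProperty Version

    foreach ($e in $entries) {
        if (-not $e.Version) {
            $e.Status = 'version unreadable, check manually'
        } elseif ($e.Version -lt $newest) {
            $e.Status = 'older than newest installed, remove'
        } else {
            $e.Status = 'newest installed'
        }
    }
    $entries
}

Get-InstalledJava | Sort-Object Version | Format-Table -AutoSize
```

An empty result means no entry matched the pattern. Any row marked as older is a candidate for removal through Programs and Features.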
     
  11. OregonFan

    OregonFan Thread Starter

    Joined:
    Mar 9, 2015
    Messages:
    18
    thanks again
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    You're very welcome, come back anytime.......

    Take care and surf safe,

    Kevin....
     
Short URL to this thread: https://techguy.org/1147375
