
Help with browser hijack surfvox malware

Discussion in 'Virus & Other Malware Removal' started by Alucard321, Mar 13, 2015.


    Alucard321 Thread Starter

    Hi guys, I downloaded and accidentally ran a program that took over my browser & brought it to surfvox.com. I can't open my Task Manager or Malwarebytes. In fact, a lot of attempts, including msconfig, won't open. I found this site on a Google search from my cell, and downloaded Rkill and Farbar Recovery Scan Tool. I ran (as an administrator) Rkill. The DOS window popped open for a moment, and then I ran the scan for Farbar. Below are the Rkill & FRST logs. I also have an additional log, but the post was too long. Thanks in advance for any help!

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 4054 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1803 Mb
    Hard Drives: C: Total - 476837 MB, Free - 97881 MB;
    Motherboard: Dell Inc., 0P792H
    Antivirus: Microsoft Security Essentials, Updated and Enabled

    Rkill Log:
    Rkill 2.7.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 03/13/2015 09:31:47 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:





    FRST Log:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Frank (administrator) on FRANK-PC on 13-03-2015 21:33:15
    Running from C:\Users\Frank\Desktop
    Loaded Profiles: Frank (Available profiles: Frank)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    () C:\ProgramData\nvxasync\cvxasync.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    () C:\Program Files\Core Temp\Core Temp.exe
    () C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    () C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [271872 2008-04-30] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Run: [Google Update] => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-10] (Google Inc.)
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Run: [nvxasync] => C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe [142678528 2015-03-12] ()
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {0a91f398-0c2b-11e2-b0d7-002219db6ca7} - F:\setup.exe
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {0a91f3a8-0c2b-11e2-b0d7-002219db6ca7} - G:\INSTALL.EXE
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {3ffef42c-cc6d-11e1-9677-002219db6ca7} - E:\LaunchU3.exe
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {6aecfe5c-7114-11e4-ac3d-002219db6ca7} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {f20dbe7f-349e-11e2-a5ce-002219db6ca7} - E:\unlock.exe autoplay=true
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {f20dbeb9-349e-11e2-a5ce-002219db6ca7} - E:\unlock.exe autoplay=true
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142678528 2015-03-12] () <==== ATTENTION
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-814339908-3232271935-3892857259-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    SearchScopes: HKU\S-1-5-21-814339908-3232271935-3892857259-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-29] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-29] (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-01] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-10-22] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2011-12-28] ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-01] (Oracle Corporation)
    Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2009-12-16] (Intuit, Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\gsqb6iga.default
    FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-29] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-29] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2012-02-09] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-01] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-01] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-814339908-3232271935-3892857259-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Frank\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
    FF Plugin HKU\S-1-5-21-814339908-3232271935-3892857259-1000: @talk.google.com/O1DPlugin -> C:\Users\Frank\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
    FF Plugin HKU\S-1-5-21-814339908-3232271935-3892857259-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-814339908-3232271935-3892857259-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF user.js: detected! => C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\gsqb6iga.default\user.js [2015-03-12]
    FF Plugin ProgramFiles/Appdata: C:\Users\Frank\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Frank\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
    FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\gsqb6iga.default\searchplugins\starter.xml [2015-03-12]
    FF Extension: No Name - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\gsqb6iga.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [Not Found]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.surfvox.com/
    CHR StartupUrls: Default -> "hxxp://www.surfvox.com/"
    CHR DefaultSearchKeyword: Default -> surfvox.com
    CHR DefaultSearchURL: Default -> http://www.google.com/?cx=partner-pub-0900663996874144%3A6813731868&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.surfvox.com%2F&ref=&ss=
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
    CHR Extension: (Google Docs) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
    CHR Extension: (Google Drive) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
    CHR Extension: (YouTube) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]
    CHR Extension: (Google Search) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]
    CHR Extension: (No Name) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
    CHR Extension: (Skype Click to Call) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-12]
    CHR Extension: (Google Wallet) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Gmail) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
    CHR HKU\S-1-5-21-814339908-3232271935-3892857259-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Frank\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-30]
    CHR HKU\S-1-5-21-814339908-3232271935-3892857259-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
    StartMenuInternet: Google Chrome - C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    S4 QBCFMonitorService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2009-12-16] (Intuit) [File not signed]
    S4 QBFCService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
    S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
    R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-10] (Duplex Secure Ltd.)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    R3 ALSysIO; \??\C:\Users\Frank\AppData\Local\Temp\ALSysIO64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-13 21:33 - 2015-03-13 21:34 - 00020339 _____ () C:\Users\Frank\Desktop\FRST.txt
    2015-03-13 21:32 - 2015-03-13 21:33 - 00000000 ____D () C:\FRST
    2015-03-13 21:27 - 2015-03-13 21:28 - 02095616 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
    2015-03-13 21:26 - 2015-03-13 21:31 - 00000948 _____ () C:\Users\Frank\Desktop\Rkill.txt
    2015-03-13 21:26 - 2015-03-13 21:26 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill64.exe
    2015-03-13 21:24 - 2015-03-13 21:25 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill.exe
    2015-03-12 23:21 - 2015-03-13 21:16 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
    2015-03-12 23:09 - 2015-03-12 23:10 - 00000000 ____D () C:\abe0b10a950915435c2cf79c
    2015-03-12 23:06 - 2015-03-12 23:22 - 00000000 _RSHD () C:\Users\Frank\AppData\Roaming\nvxasync
    2015-03-12 23:06 - 2015-03-12 23:06 - 00000000 _RSHD () C:\ProgramData\nvxasync
    2015-03-12 14:24 - 2015-03-12 14:25 - 00000000 ____D () C:\Users\Frank\.freemind
    2015-03-10 20:52 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-10 20:52 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-10 20:52 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-10 20:52 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-10 20:52 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-10 20:52 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-10 20:52 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-10 20:52 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-10 20:52 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-10 20:52 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-10 20:52 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-10 20:52 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-10 20:52 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-10 20:52 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-10 20:52 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-10 20:52 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-10 20:52 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-10 20:52 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-10 20:52 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-10 20:52 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-10 20:52 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-10 20:52 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-10 20:52 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-10 20:52 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-10 20:52 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-10 20:52 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-10 20:52 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-10 20:52 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-10 20:52 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-10 20:52 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-10 20:52 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-10 20:52 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-10 20:52 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-10 20:52 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-10 20:52 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-10 20:52 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-10 20:52 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-10 20:52 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-10 20:52 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-10 20:52 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-10 20:52 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-10 20:52 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-10 20:52 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-10 20:52 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-10 20:52 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-10 20:52 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-10 20:52 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-10 20:52 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-10 20:52 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-10 20:52 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-10 20:52 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-10 20:52 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-10 20:52 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-10 20:52 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-10 20:52 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-10 20:52 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-10 20:52 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-10 20:52 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-10 20:52 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-10 20:52 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-10 20:52 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-10 20:52 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-10 20:52 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-09 07:51 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-03-09 07:51 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-03-03 20:57 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-03-03 20:57 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-03-03 20:57 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-03-03 20:57 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-20 11:41 - 2015-02-20 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
    2015-02-20 11:41 - 2015-02-20 11:41 - 00000000 ____D () C:\Program Files (x86)\SqliteBrowser3
    2015-02-13 19:29 - 2015-02-27 11:04 - 00000000 ____D () C:\Users\Frank\Documents\Health Insurance
    2015-02-13 10:22 - 2014-10-17 22:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-02-13 10:22 - 2014-10-17 21:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-02-13 10:22 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-02-13 10:22 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-02-13 10:22 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-02-13 10:22 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-02-13 10:22 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-02-13 10:22 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-02-13 10:22 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-02-13 10:22 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-02-13 09:57 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-13 09:57 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-13 09:57 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-13 09:57 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-13 09:57 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-13 09:57 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-13 09:57 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-13 09:57 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-13 09:57 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-13 09:57 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-13 09:57 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-13 09:57 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-13 09:57 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-13 09:57 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-13 09:57 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-13 09:57 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-13 09:57 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-13 09:57 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-13 09:57 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-13 09:57 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-13 09:57 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-13 09:57 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-13 09:57 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-13 09:57 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-13 09:57 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-13 09:57 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-13 09:57 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-13 09:57 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-13 09:57 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-13 09:57 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-13 09:57 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-13 09:57 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-13 09:57 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-13 09:57 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-13 09:57 - 2014-11-10 21:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-02-13 09:57 - 2014-11-07 23:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-02-13 09:57 - 2014-11-07 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-02-13 09:57 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2015-02-13 09:57 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2015-02-13 09:56 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-13 09:56 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-13 09:56 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-13 09:56 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-13 09:56 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-13 09:56 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-13 09:56 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-13 09:56 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-02-13 09:56 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-02-13 09:56 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-13 09:56 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-13 09:56 - 2014-12-11 13:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-02-13 09:56 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-02-13 09:56 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-02-13 09:56 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-02-13 09:56 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-13 09:56 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-13 09:56 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-13 09:56 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-13 09:56 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2015-02-13 09:56 - 2014-10-02 22:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-02-13 09:56 - 2014-10-02 22:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2015-02-13 09:56 - 2014-10-02 22:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-02-13 09:56 - 2014-10-02 22:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2015-02-13 09:56 - 2014-10-02 22:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2015-02-13 09:56 - 2014-10-02 21:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2015-02-13 09:56 - 2014-10-02 21:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2015-02-13 09:56 - 2014-10-02 21:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2015-02-13 09:56 - 2014-10-02 21:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2015-02-13 09:56 - 2014-10-02 21:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2015-02-13 09:56 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-02-13 09:56 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-02-13 09:56 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-02-13 09:56 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-02-12 20:33 - 2015-02-12 20:37 - 00000000 ____D () C:\Users\Frank\Desktop\S3
    2015-02-12 19:57 - 2015-02-12 19:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2015-02-12 19:48 - 2015-02-12 19:48 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
    2015-02-12 19:47 - 2015-02-12 19:47 - 00000000 ____D () C:\Users\Frank\Documents\samsung
    2015-02-12 19:46 - 2014-10-13 01:57 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
    2015-02-12 19:46 - 2014-10-13 01:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
    2015-02-12 19:46 - 2014-10-13 01:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
    2015-02-12 19:45 - 2015-02-12 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
    2015-02-12 19:45 - 2015-02-12 19:45 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
    2015-02-12 19:44 - 2013-12-30 11:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
    2015-02-12 19:44 - 2013-12-30 11:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
    2015-02-12 19:42 - 2015-02-12 20:03 - 00000000 ____D () C:\Program Files (x86)\Samsung
    2015-02-12 19:41 - 2015-02-12 19:41 - 00000000 ____D () C:\Users\Frank\AppData\Local\Downloaded Installations
    2015-02-12 14:41 - 2015-02-12 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-13 21:27 - 2012-02-09 22:34 - 01562027 _____ () C:\Windows\WindowsUpdate.log
    2015-03-13 21:24 - 2009-07-14 00:45 - 00028336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-13 21:24 - 2009-07-14 00:45 - 00028336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-13 21:23 - 2009-07-14 01:13 - 00787402 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-13 21:16 - 2015-01-10 20:44 - 00005330 _____ () C:\Windows\setupact.log
    2015-03-13 21:16 - 2013-08-14 11:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-13 21:16 - 2012-11-27 14:51 - 00000324 _____ () C:\Windows\Tasks\GlaryInitialize.job
    2015-03-13 21:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-13 21:13 - 2015-01-10 20:43 - 00094150 _____ () C:\Windows\PFRO.log
    2015-03-13 20:53 - 2012-02-09 22:52 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\vlc
    2015-03-13 07:24 - 2013-08-14 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-13 07:24 - 2012-02-09 19:42 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000UA.job
    2015-03-12 23:19 - 2009-07-14 00:45 - 04978392 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-12 23:10 - 2013-07-13 09:54 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-12 23:10 - 2012-02-10 10:41 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-12 23:04 - 2012-02-10 00:16 - 00000000 ____D () C:\Users\Frank\Desktop\Movies
    2015-03-12 22:45 - 2012-02-09 22:58 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\uTorrent
    2015-03-12 21:43 - 2012-02-23 23:38 - 00000000 ____D () C:\Users\Frank\Documents\Outlook Files
    2015-03-12 21:41 - 2015-01-13 18:52 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\sidekick
    2015-03-12 20:55 - 2012-02-09 19:42 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000Core.job
    2015-03-12 15:49 - 2014-12-12 18:10 - 00000000 ____D () C:\Users\Frank\Documents\Ronnie
    2015-03-12 15:48 - 2013-12-01 07:37 - 00000000 ____D () C:\Users\Frank\Documents\Reddit_Add-In-master
    2015-03-12 14:24 - 2012-02-09 22:34 - 00000000 ____D () C:\Users\Frank
    2015-03-12 14:22 - 2014-06-03 10:12 - 00000000 ____D () C:\Users\Frank\Documents\WDC
    2015-03-09 20:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
    2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-02-28 23:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-02-27 18:37 - 2012-03-26 21:42 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
    2015-02-27 09:32 - 2012-02-09 22:04 - 00000000 ____D () C:\Users\Frank\Downloads\Applications
    2015-02-20 11:41 - 2012-11-03 13:44 - 00000000 ____D () C:\Users\Frank\Desktop\Applications
    2015-02-14 23:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-13 22:11 - 2012-02-12 22:17 - 00000000 ____D () C:\Users\Frank\Desktop\Games
    2015-02-13 21:28 - 2012-02-17 10:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-02-13 10:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-13 10:24 - 2012-02-23 23:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-13 10:20 - 2012-02-09 22:06 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-13 10:20 - 2012-02-09 22:05 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-13 10:19 - 2012-04-29 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2015-02-13 10:19 - 2012-02-09 22:05 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-12 22:21 - 2014-01-01 11:52 - 00000000 ____D () C:\Users\Frank\Documents\Galaxy Backup
    2015-02-12 20:03 - 2014-03-13 09:05 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\SAMSUNG
    2015-02-12 20:03 - 2014-02-22 11:49 - 00000000 ____D () C:\Users\Frank\AppData\Local\SAMSUNG
    2015-02-12 20:03 - 2014-02-22 11:49 - 00000000 ____D () C:\ProgramData\SAMSUNG
    2015-02-12 20:03 - 2014-02-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    2015-02-12 20:03 - 2012-08-04 20:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-12 12:41 - 2013-10-27 20:45 - 00000000 ____D () C:\Users\Frank\Documents\Pat
    2015-02-11 14:36 - 2012-02-09 23:30 - 00000000 ____D () C:\Users\Frank\Documents\09 Taxes

    ==================== Files in the root of some directories =======

    2014-03-02 00:34 - 2014-03-02 00:34 - 0003966 _____ () C:\Users\Frank\AppData\Local\recently-used.xbel
    2012-08-07 19:03 - 2012-09-19 09:13 - 0007655 _____ () C:\Users\Frank\AppData\Local\Resmon.ResmonCfg
    2013-10-31 09:17 - 2013-10-31 09:17 - 0000057 _____ () C:\ProgramData\Ament.ini
    2012-03-01 15:18 - 2012-03-01 15:52 - 0000341 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Frank\AppData\Local\Temp\SRLDetectionLibrary8867250137535785846.dll
    C:\Users\Frank\AppData\Local\Temp\vlc-2.1.5-win32.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 23:01

    ==================== End Of Log ============================



    Again, thanks in advance for any help! Please let me know if you need any more info from me.
    Sincerely,
    Alucard321
     
  2. Alucard321

    Hi, here is the addition log as well:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Frank at 2015-03-13 21:35:10
    Running from C:\Users\Frank\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
    4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
    4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
    4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
    Adobe Illustrator CS5.1 (HKLM-x32\...\{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 - Adobe Systems Incorporated)
    Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 4.2 64-bit (HKLM\...\{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}) (Version: 4.2.1 - Adobe)
    Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
    Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
    Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version: - )
    Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)
    AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
    Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
    Bitcasa version 0.9.14.1692 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.14.1692 - Bitcasa Inc.)
    Blender (HKLM\...\Blender) (Version: 2.64a-release - Blender Foundation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    calibre (HKLM-x32\...\{CF3C170B-D713-4089-84FE-63285B424B95}) (Version: 0.9.0 - Kovid Goyal)
    Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games)
    Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - )
    Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    CrystalDiskInfo 5.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.0.5 - Crystal Dew World)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.5.1 - oldsch00l)
    Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.104 - Alps Electric)
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: - NCH Software)
    Dropbox (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
    Express Burn (HKLM-x32\...\ExpressBurn) (Version: - NCH Software)
    Final Fantasy XIII-2 version 1.0.0 (HKLM-x32\...\Final Fantasy XIII-2_is1) (Version: 1.0.0 - Square Enix)
    foobar2000 v1.1.17 (HKLM-x32\...\foobar2000) (Version: 1.1.17 - Peter Pawlowski)
    Free Download Manager 3.8 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
    Freemake Video Converter version 4.1.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.0 - Ellora Assets Corporation)
    FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
    GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
    Glary Utilities 2.50.0.1632 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.50.0.1632 - Glarysoft Ltd)
    GnuCash 2.6.0 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
    Google Chrome (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
    HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
    iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
    Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
    Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
    Java SE Development Kit 7 Update 10 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170100}) (Version: 1.7.0.100 - Oracle)
    JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
    Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
    Memeo Send (HKLM-x32\...\{81784157-3D4D-4bc1-B988-B24C32A26DA8}) (Version: - Memeo Inc.)
    Memeo Share (HKLM-x32\...\{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}) (Version: 3.1.0.3265 - Memeo Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
    MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.4 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 12.10.3002 - Motorola Mobility) Hidden
    MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
    Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
    Mozilla Firefox 10.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MyFreeCodec) (Version: - )
    Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - )
    OpenWith (Enhanced) (HKLM-x32\...\OpenWith Enhanced) (Version: 1.0 - Greg Frieger)
    PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
    Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
    QuickBooks (x32 Version: 20.0.4005.807 - Intuit Inc.) Hidden
    QuickBooks Premier Edition 2010 (HKLM-x32\...\{0700E22B-A424-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4005.807 - Intuit Inc.)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.4 r1678 - )
    Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
    Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Scribus 1.4.1 (HKLM-x32\...\Scribus 1.4.1) (Version: 1.4.1 - The Scribus Team)
    Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
    Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
    Sidekick Outlook plugin (HKLM-x32\...\{EFC8C33C-110A-4C69-B66C-3D943E7180C8}) (Version: 1.1.7 - HubSpot, Inc.)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Spotify (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
    TagScanner 5.1.610 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
    TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
    TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    Torchlight (HKLM-x32\...\Runic Games Torchlight) (Version: 1.13 - Encore, Inc., A Navarre Corporation Company.)
    Torchlight II (c) Runic Games version 1 (HKLM-x32\...\Torchlight II (c) Runic Games_is1) (Version: 1 - )
    TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
    Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
    Ubuntu (HKLM-x32\...\Wubi) (Version: 12.10-rev273 - Ubuntu)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.10 - NCH Software)
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinX DVD Author 6.2 (HKLM-x32\...\WinX DVD Author_is1) (Version: - DigiartySoft, Inc.)
    WinX DVD Ripper Platinum 7.0.0 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}) (Version: 16.0.9661 - WinZip Computing, S.L. )
    XBMC (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\XBMC) (Version: - Team XBMC)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{11ACA4FC-1B4E-33F3-8AB9-38736DF54F00}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{201FA144-44F0-3659-98DD-3AB0D1BD024D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{397199AA-5DDB-3C82-98C7-FF1D8F70EE7A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{4624E5F2-C61C-3DCA-837F-87DB2A18E293}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{49533350-0FD2-3C2C-982D-3A2F99AC71F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{53FA69E3-F626-35EE-84DB-5B23B10EBCA8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{671704C9-6012-3C76-AB57-28736A0E7058}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{69DB8DD0-B42A-35CC-B8A0-65A54FEB671C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{770953D9-B32B-3E22-9D35-DF331703C76E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{7BF71DBB-1E3F-3A15-B278-335D041B090B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{898E9F16-A6FD-3B9F-845F-3808C6134FD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{9601F788-32E0-4513-998A-4C5346228657}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Sidekick\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{C8F22CFA-CA6F-3F54-B0ED-C58357B95E30}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{CA22F30E-4EE3-377D-B579-D43AB68BE34F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{D5B2A8D1-2BDC-33B9-B2D3-0E68E83CE3C4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{D8BBCF57-2598-32DA-A000-0E0CB7F12E33}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{DC5EDFBF-0E0A-3575-A981-07D3DCAF5EA2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{DCECC2BA-3324-33E7-A93C-F27F885A71EE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    17-02-2015 09:05:50 Windows Update
    20-02-2015 10:02:37 Windows Update
    23-02-2015 12:17:36 Windows Update
    26-02-2015 20:58:40 Windows Update
    02-03-2015 09:02:52 Windows Update
    05-03-2015 21:01:32 Windows Update
    09-03-2015 07:51:04 Windows Update
    12-03-2015 09:07:09 Windows Update
    12-03-2015 23:07:31 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-03-15 18:57 - 2012-11-03 13:32 - 00003250 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0E754FCB-C48D-4F4A-8397-A339C7800E2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-14] (Google Inc.)
    Task: {250F83A1-6B7C-4A03-8E76-483F5A801717} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2012-03-21] ()
    Task: {2AB16E1B-AA6C-4486-B383-414E1F489CBC} - System32\Tasks\{C0A729FB-2008-455C-B9E0-8E161A01FB6A} => pcalua.exe -a "C:\Users\Frank\Desktop\Games\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch\Sims3_1.0.632.00002_from_1.0.631.00002.exe" -d "C:\Users\Frank\Desktop\Games\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch"
    Task: {7165B29D-7115-4CE2-982A-6CA214161343} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
    Task: {7CCA0F5F-277B-4B39-9840-940C405AE9A0} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-14] ()
    Task: {7F2861B2-17CA-4A21-BF68-1D73EDFCFC2A} - System32\Tasks\Core Temp Autostart Frank => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
    Task: {978D4443-8E5B-4E2B-BDA6-23D19B229570} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {9AA28C42-A2ED-4B67-85C8-4460D171F79E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000Core => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
    Task: {AF01C5A8-6AC8-4375-9E99-5742BC845CB5} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
    Task: {C54A0DBC-997D-47B6-A8C4-B2844FD921E8} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
    Task: {CF1CDDB0-9CE2-476C-8014-4006B1631FCF} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
    Task: {D05217CF-56DA-4188-87AA-B0FD872017B9} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2012-03-21] ()
    Task: {D0B22E09-BCC6-4243-9359-B7ACC2A386AA} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-10-22] (Glarysoft Ltd)
    Task: {DA084D56-A4EF-4B8A-9360-3DAA737E5AE1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {E290AC15-CA4E-4A78-B4AF-C1BCC78A0523} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-14] (Google Inc.)
    Task: {FF7E39A4-03B7-4FF8-AB09-533750168A0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000UA => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
    Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000Core.job => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000UA.job => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-12 23:06 - 2015-03-12 23:06 - 142678528 __RSH () C:\ProgramData\nvxasync\cvxasync.exe
    2012-08-30 16:41 - 2012-01-25 14:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe
    2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-03-12 23:06 - 2015-03-12 23:06 - 142678528 __RSH () C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe
    2012-02-11 20:04 - 2011-10-26 18:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
    2012-02-11 20:04 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
    2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
    2012-02-09 22:47 - 2012-02-09 22:47 - 00006144 _____ () C:\Users\Frank\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll
    2012-02-09 22:47 - 2012-02-09 22:47 - 00008704 _____ () C:\Users\Frank\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll
    2012-02-09 22:47 - 2012-02-09 22:47 - 00007680 _____ () C:\Users\Frank\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll
    2014-12-17 17:12 - 2014-04-04 12:26 - 00371712 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
    2014-12-17 17:12 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
    2015-03-11 08:58 - 2015-03-07 02:12 - 01174856 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
    2015-03-11 08:58 - 2015-03-07 02:12 - 00080200 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\41.0.2272.89\libegl.dll
    2015-03-11 08:58 - 2015-03-07 02:13 - 09279304 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\41.0.2272.89\pdf.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-814339908-3232271935-3892857259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AllShare Framework DMS => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: DeviceMonitorService => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MemeoBackgroundService => 2
    MSCONFIG\Services: Motorola Device Manager => 2
    MSCONFIG\Services: PST Service => 2
    MSCONFIG\Services: QBCFMonitorService => 2
    MSCONFIG\Services: QBFCService => 3
    MSCONFIG\Services: Samsung Link Service => 2
    MSCONFIG\Services: SeagateDashboardService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: SplashtopRemoteService => 2
    MSCONFIG\Services: SSUService => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: SwitchBoard => 3
    MSCONFIG\Services: TeamViewer7 => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Seagate NA0ECN1Z Product Registration.lnk => C:\Windows\pss\Seagate NA0ECN1Z Product Registration.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: Bitcasa => C:\Program Files\Bitcasa\Bitcasa.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    MSCONFIG\startupreg: Google Update => "C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN365DXJV505KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    MSCONFIG\startupreg: Intuit SyncManager => c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
    MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    MSCONFIG\startupreg: Memeo Send => C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
    MSCONFIG\startupreg: MotoCast => "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
    MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
    MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    MSCONFIG\startupreg: SkyDrive => "C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Frank\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    ==================== Accounts: =============================

    Administrator (S-1-5-21-814339908-3232271935-3892857259-500 - Administrator - Disabled)
    Frank (S-1-5-21-814339908-3232271935-3892857259-1000 - Administrator - Enabled) => C:\Users\Frank
    Guest (S-1-5-21-814339908-3232271935-3892857259-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-814339908-3232271935-3892857259-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: HP LaserJet Professional P 1102w
    Description: HP LaserJet Professional P 1102w
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Officejet Pro 8600
    Description: Officejet Pro 8600
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Officejet Pro 8600
    Description: Officejet Pro 8600
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Officejet Pro 8600
    Description: Officejet Pro 8600
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Photosmart 5510 series
    Description: Photosmart 5510 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Canon MX860 ser Network
    Description: Canon MX860 ser Network
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Canon
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Officejet 4500 G510n-z
    Description: Officejet 4500 G510n-z
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Officejet 4500 G510n-z
    Description: Officejet 4500 G510n-z
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Photosmart D110 series
    Description: Photosmart D110 series
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Officejet 7300 series
    Description: Officejet 7300 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Officejet 4500 G510g-m
    Description: Officejet 4500 G510g-m
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/13/2015 09:17:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/13/2015 09:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/13/2015 07:47:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program nvxasync.exe because of this error.

    Program: nvxasync.exe
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (03/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: nvxasync.exe, version: 0.0.0.0, time stamp: 0x54e0fc73
    Faulting module name: nvxasync.exe, version: 0.0.0.0, time stamp: 0x54e0fc73
    Exception code: 0xc0000096
    Fault offset: 0x08811060
    Faulting process id: 0x450
    Faulting application start time: 0xnvxasync.exe0
    Faulting application path: nvxasync.exe1
    Faulting module path: nvxasync.exe2
    Report Id: nvxasync.exe3

    Error: (03/13/2015 07:46:19 AM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program cvxasync.exe because of this error.

    Program: cvxasync.exe
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (03/13/2015 07:46:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cvxasync.exe, version: 0.0.0.0, time stamp: 0x54e0fc73
    Faulting module name: cvxasync.exe, version: 0.0.0.0, time stamp: 0x54e0fc73
    Exception code: 0xc0000096
    Fault offset: 0x08811060
    Faulting process id: 0x428
    Faulting application start time: 0xcvxasync.exe0
    Faulting application path: cvxasync.exe1
    Faulting module path: cvxasync.exe2
    Report Id: cvxasync.exe3

    Error: (03/12/2015 11:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/10/2015 08:33:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa
    Faulting module name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa
    Exception code: 0xc0000005
    Fault offset: 0x00018ac3
    Faulting process id: 0x104c
    Faulting application start time: 0xOUTLOOK.EXE0
    Faulting application path: OUTLOOK.EXE1
    Faulting module path: OUTLOOK.EXE2
    Report Id: OUTLOOK.EXE3

    Error: (03/09/2015 08:35:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (03/13/2015 09:16:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Dragon Service service failed to start due to the following error:
    %%2

    Error: (03/13/2015 09:14:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Server service terminated with the following error:
    %%13

    Error: (03/13/2015 09:14:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Computer Browser service terminated with the following error:
    %%1115

    Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:
    %%1069

    Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IPsec Policy Agent service failed to start due to the following error:
    %%1069

    Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IPsec Policy Agent service failed to start due to the following error:
    %%1069

    Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IPsec Policy Agent service failed to start due to the following error:
    %%1069


    Microsoft Office Sessions:
    =========================
    Error: (03/13/2015 09:17:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/13/2015 09:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/13/2015 07:47:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1005) (User: )
    Description: nvxasync.exe000000000

    Error: (03/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: nvxasync.exe0.0.0.054e0fc73nvxasync.exe0.0.0.054e0fc73c00000960881106045001d05d83476751c6C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exeC:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe96c5b74f-c976-11e4-9a62-a1f53d33b18e

    Error: (03/13/2015 07:46:19 AM) (Source: Application Error) (EventID: 1005) (User: )
    Description: cvxasync.exe000000000

    Error: (03/13/2015 07:46:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cvxasync.exe0.0.0.054e0fc73cvxasync.exe0.0.0.054e0fc73c00000960881106042801d05d83406222d7C:\ProgramData\nvxasync\cvxasync.exeC:\ProgramData\nvxasync\cvxasync.exe901639ea-c976-11e4-9a62-a1f53d33b18e

    Error: (03/12/2015 11:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/10/2015 08:33:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: OUTLOOK.EXE14.0.4734.10004b58fdfaOUTLOOK.EXE14.0.4734.10004b58fdfac000000500018ac3104c01d05b92e60848e7C:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXEC:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXE332ec123-c786-11e4-8ce5-002219db6ca7

    Error: (03/09/2015 08:35:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
    Percentage of memory in use: 41%
    Total physical RAM: 4054.89 MB
    Available physical RAM: 2386.41 MB
    Total Pagefile: 8107.08 MB
    Available Pagefile: 5705.82 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:95.96 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A42546F1)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  3. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Hello Alucard321 and welcome to TSG.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:

    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested

    I am looking at your logs now and will reply shortly.

    Satchfan
     
  4. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Whilst I’m looking at your logs, please run another scan for me.


    Run CKScanner

    Download CKScanner by askey127 from here & save it to your Desktop.

    • double-click CKScanner.exe then click Search For Files
    • when the cursor hourglass disappears, click Save List To File
    • a message box will verify the file saved
    • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

    Satchfan
     
  5. Alucard321

    Alucard321 Thread Starter

    Joined:
    Mar 13, 2015
    Messages:
    4
    Hi and thanks for your help.

    Downloaded and ran CKscanner, here is the ckfiles.log:

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
    c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\serviceinfo.plist
    c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\url\crackle\servicecode.pys
    c:\users\frank\desktop\applications\aimersoft dvd creator 3.0.0.8 + crack [karanpc]\aimer-dvd-creator_setup.exe
    c:\users\frank\desktop\applications\aimersoft dvd creator 3.0.0.8 + crack [karanpc]\instruction.txt
    c:\users\frank\desktop\applications\aimersoft dvd creator 3.0.0.8 + crack [karanpc]\crack\crack.exe
    c:\users\frank\desktop\applications\aimersoft dvd creator 3.0.0.8 + crack [karanpc]\crack\karanpc.nfo
    c:\users\frank\desktop\applications\gtopala siw 2012.10.04 technician's version\keygen\arcade.nfo
    c:\users\frank\desktop\applications\gtopala siw 2012.10.04 technician's version\keygen\keygen.exe
    c:\users\frank\desktop\applications\gtopala siw 2012.10.04 technician's version\keygen\siw.lic
    c:\users\frank\desktop\applications\scrivener v1.7.2 + keygen-lz0- [mumbai-tpb]\readme.txt
    c:\users\frank\desktop\applications\scrivener v1.7.2 + keygen-lz0- [mumbai-tpb]\scrivener-installer.exe
    c:\users\frank\desktop\applications\scrivener v1.7.2 + keygen-lz0- [mumbai-tpb]\keygen by lz0\keygen.exe
    c:\users\frank\desktop\applications\scrivener v1.7.2 + keygen-lz0- [mumbai-tpb]\keygen by lz0\keygen.rar
    c:\users\frank\desktop\ebooks\torchlight.ii-reloaded\crack\steam_api.dll
    c:\users\frank\desktop\ebooks\torchlight.ii-reloaded\crack\steam_rld.ini
    c:\users\frank\desktop\ebooks\torchlight.ii-reloaded\crack\torchlight2.exe
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.data
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rdata
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.text
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.version
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\aok hd.exe
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\inf32dat
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\steam_api.dll
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\steam_api.ini
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\group_icon\appicon
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\1.ico
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\2.ico
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\3.ico
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\4.ico
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\5.ico
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\6.ico
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\manifest\1
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\rcdata\steam_guidd
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\rcdata\steam_minstance
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\rcdata\steam_split_guid
    c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\version\1
    c:\users\frank\documents\pat\ps# crack instructions.txt
    c:\users\frank\documents\pat\wii crack.txt
    c:\users\frank\downloads\applications\fire sheep crack\firesheep-0.1-1.xpi
    c:\users\frank\downloads\applications\hirens boot cd iso crack\hirens.bootcd.15.2.zip
    c:\users\frank\downloads\applications\iso ophcrack 3.4.0\ophcrack-vista-livecd-3.4.0.iso
    c:\users\frank\downloads\applications\reaver\reaver-1.4\src\cracker.c
    c:\users\frank\downloads\applications\reaver\reaver-1.4\src\cracker.h
    c:\users\frank\downloads\applications\reaver\reaver-1.4\src\wpscrack.c
    c:\users\frank\downloads\applications\reaver\reaver-1.4\src\wpscrack.h
    scanner sequence 3.ZZ.11.MUNAVZ
    ----- EOF -----

    Thanks again for all your help!
    Alucard321
     
  6. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Hi Alucard321

    You have a collection of illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

    This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.

    Therefore, if you require further help I need you to uninstall all the illegal software that you have downloaded and installed. When you have done this, run CKScanner again and post a new log. If I don’t hear back from you in 24 hours this thread will be closed and no more help will be offered.

    Satchfan
     
  7. Alucard321

    Alucard321 Thread Starter

    Joined:
    Mar 13, 2015
    Messages:
    4
    Hi Satchfan,
    Sure, just let me know what's illegal, and I'll remove it. (I inherited this computer from a friend who's far more techie than I am)
    Thanks again,
    Alucard321
     
  8. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Your computer is "loaded" with illegal software.

    You say that you have inherited this in all innocence from a "friend", and I sympathise with you but I don’t know if your version of Windows will even be genuine.

    We are VERY busy here with helping genuine users and don’t help with those who “pirate” software.

    If you want to continue, please run the following scan:


    • Please download MGADiag by clicking here and save it to your desktop.
    • double click the [​IMG] icon on your desktop.
    • push [​IMG]
    • push [​IMG]
    • go to Start -> Run and type in "Notepad"
    • go to Edit -> Paste in notepad.
    • "x" out all of the numbers and letters in the line beginning with "Windows Product Key:"
    • Copy and paste that log here.

    Satchfan
     
  9. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    It has been several days since I sent my last post.

    If I hear nothing within 24 hours I shall unsubscribe from this thread and you will have to post a new topic.

    Satchfan
     

Short URL to this thread: https://techguy.org/1144738
