Help with browser hijack surfvox malware

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Alucard321

Thread Starter
Joined
Mar 13, 2015
Messages
4
Hi guys, I downloaded and accidentally ran a program that took over my browser & brought it to surfvox.com. I can't open my task manager or malwarebytes. In fact, a lot of attempts including msconfig won't open. I found this site on a google search from my cell, and downloaded rkill and Farbar recovery scan tool. I ran (as an administrator) Rkill. The DOS window popped open for a moment, and then ran the scan for Farbar. Below are the Rkill & FRST, logs. I also have additional log, but post was too long. Thanks in advance for any help!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4054 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1803 Mb
Hard Drives: C: Total - 476837 MB, Free - 97881 MB;
Motherboard: Dell Inc., 0P792H
Antivirus: Microsoft Security Essentials, Updated and Enabled

Rkill Log:
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/13/2015 09:31:47 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:





FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Frank (administrator) on FRANK-PC on 13-03-2015 21:33:15
Running from C:\Users\Frank\Desktop
Loaded Profiles: Frank (Available profiles: Frank)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\ProgramData\nvxasync\cvxasync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Core Temp\Core Temp.exe
() C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [271872 2008-04-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Run: [Google Update] => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-10] (Google Inc.)
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Run: [nvxasync] => C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe [142678528 2015-03-12] ()
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {0a91f398-0c2b-11e2-b0d7-002219db6ca7} - F:\setup.exe
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {0a91f3a8-0c2b-11e2-b0d7-002219db6ca7} - G:\INSTALL.EXE
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {3ffef42c-cc6d-11e1-9677-002219db6ca7} - E:\LaunchU3.exe
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {6aecfe5c-7114-11e4-ac3d-002219db6ca7} - G:\LaunchU3.exe -a
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {f20dbe7f-349e-11e2-a5ce-002219db6ca7} - E:\unlock.exe autoplay=true
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MountPoints2: {f20dbeb9-349e-11e2-a5ce-002219db6ca7} - E:\unlock.exe autoplay=true
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142678528 2015-03-12] () <==== ATTENTION
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-814339908-3232271935-3892857259-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
HKU\S-1-5-21-814339908-3232271935-3892857259-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-814339908-3232271935-3892857259-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-814339908-3232271935-3892857259-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-29] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-10-22] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2011-12-28] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-01] (Oracle Corporation)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2009-12-16] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\gsqb6iga.default
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2012-02-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-814339908-3232271935-3892857259-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Frank\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-814339908-3232271935-3892857259-1000: @talk.google.com/O1DPlugin -> C:\Users\Frank\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-814339908-3232271935-3892857259-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-814339908-3232271935-3892857259-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF user.js: detected! => C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\gsqb6iga.default\user.js [2015-03-12]
FF Plugin ProgramFiles/Appdata: C:\Users\Frank\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Frank\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\gsqb6iga.default\searchplugins\starter.xml [2015-03-12]
FF Extension: No Name - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\gsqb6iga.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.surfvox.com/
CHR StartupUrls: Default -> "hxxp://www.surfvox.com/"
CHR DefaultSearchKeyword: Default -> surfvox.com
CHR DefaultSearchURL: Default -> http://www.google.com/?cx=partner-pub-0900663996874144%3A6813731868&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.surfvox.com%2F&ref=&ss=
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (YouTube) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]
CHR Extension: (Google Search) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]
CHR Extension: (No Name) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
CHR HKU\S-1-5-21-814339908-3232271935-3892857259-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Frank\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-30]
CHR HKU\S-1-5-21-814339908-3232271935-3892857259-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
StartMenuInternet: Google Chrome - C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 QBCFMonitorService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2009-12-16] (Intuit) [File not signed]
S4 QBFCService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-10] (Duplex Secure Ltd.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R3 ALSysIO; \??\C:\Users\Frank\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 21:33 - 2015-03-13 21:34 - 00020339 _____ () C:\Users\Frank\Desktop\FRST.txt
2015-03-13 21:32 - 2015-03-13 21:33 - 00000000 ____D () C:\FRST
2015-03-13 21:27 - 2015-03-13 21:28 - 02095616 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2015-03-13 21:26 - 2015-03-13 21:31 - 00000948 _____ () C:\Users\Frank\Desktop\Rkill.txt
2015-03-13 21:26 - 2015-03-13 21:26 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill64.exe
2015-03-13 21:24 - 2015-03-13 21:25 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill.exe
2015-03-12 23:21 - 2015-03-13 21:16 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2015-03-12 23:09 - 2015-03-12 23:10 - 00000000 ____D () C:\abe0b10a950915435c2cf79c
2015-03-12 23:06 - 2015-03-12 23:22 - 00000000 _RSHD () C:\Users\Frank\AppData\Roaming\nvxasync
2015-03-12 23:06 - 2015-03-12 23:06 - 00000000 _RSHD () C:\ProgramData\nvxasync
2015-03-12 14:24 - 2015-03-12 14:25 - 00000000 ____D () C:\Users\Frank\.freemind
2015-03-10 20:52 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:52 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 20:52 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 20:52 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 20:52 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 20:52 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 20:52 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 20:52 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 20:52 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 20:52 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 20:52 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 20:52 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 20:52 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 20:52 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 20:52 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 20:52 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 20:52 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 20:52 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 20:52 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 20:52 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 20:52 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 20:52 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 20:52 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 20:52 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 20:52 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 20:52 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 20:52 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 20:52 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 20:52 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 20:52 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 20:52 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 20:52 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 20:52 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 20:52 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 20:52 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 20:52 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 20:52 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 20:52 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 20:52 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 20:52 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 20:52 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 20:52 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 20:52 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 20:52 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 20:52 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 20:52 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 20:52 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 20:52 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 20:52 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 20:52 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 20:52 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 20:52 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 20:52 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 20:52 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 20:52 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 20:52 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 20:52 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 20:52 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:52 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 20:52 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:52 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 20:52 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:52 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-09 07:51 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-09 07:51 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-03 20:57 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 20:57 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 20:57 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 20:57 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-20 11:41 - 2015-02-20 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2015-02-20 11:41 - 2015-02-20 11:41 - 00000000 ____D () C:\Program Files (x86)\SqliteBrowser3
2015-02-13 19:29 - 2015-02-27 11:04 - 00000000 ____D () C:\Users\Frank\Documents\Health Insurance
2015-02-13 10:22 - 2014-10-17 22:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-13 10:22 - 2014-10-17 21:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-13 10:22 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-13 10:22 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-13 10:22 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-13 10:22 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-13 10:22 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-13 10:22 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-13 10:22 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-13 10:22 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-13 09:57 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-13 09:57 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-13 09:57 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-13 09:57 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-13 09:57 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-13 09:57 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-13 09:57 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-13 09:57 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-13 09:57 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-13 09:57 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-13 09:57 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-13 09:57 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-13 09:57 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-13 09:57 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-13 09:57 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-13 09:57 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-13 09:57 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-13 09:57 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-13 09:57 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-13 09:57 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-13 09:57 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-13 09:57 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-13 09:57 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-13 09:57 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-13 09:57 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-13 09:57 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-13 09:57 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-13 09:57 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-13 09:57 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-13 09:57 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-13 09:57 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-13 09:57 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-13 09:57 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 09:57 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 09:57 - 2014-11-10 21:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-13 09:57 - 2014-11-07 23:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-13 09:57 - 2014-11-07 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-13 09:57 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-13 09:57 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-13 09:56 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-13 09:56 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-13 09:56 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-13 09:56 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-13 09:56 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-13 09:56 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-13 09:56 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-13 09:56 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-13 09:56 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-13 09:56 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-13 09:56 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-13 09:56 - 2014-12-11 13:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-13 09:56 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-13 09:56 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-13 09:56 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-13 09:56 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 09:56 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-13 09:56 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-13 09:56 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-13 09:56 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-13 09:56 - 2014-10-02 22:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-13 09:56 - 2014-10-02 22:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-13 09:56 - 2014-10-02 22:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-13 09:56 - 2014-10-02 22:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-13 09:56 - 2014-10-02 22:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-13 09:56 - 2014-10-02 21:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-13 09:56 - 2014-10-02 21:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-13 09:56 - 2014-10-02 21:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-13 09:56 - 2014-10-02 21:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-13 09:56 - 2014-10-02 21:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-13 09:56 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-13 09:56 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-13 09:56 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-13 09:56 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 20:33 - 2015-02-12 20:37 - 00000000 ____D () C:\Users\Frank\Desktop\S3
2015-02-12 19:57 - 2015-02-12 19:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-02-12 19:48 - 2015-02-12 19:48 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-02-12 19:47 - 2015-02-12 19:47 - 00000000 ____D () C:\Users\Frank\Documents\samsung
2015-02-12 19:46 - 2014-10-13 01:57 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2015-02-12 19:46 - 2014-10-13 01:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-02-12 19:46 - 2014-10-13 01:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-02-12 19:45 - 2015-02-12 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-02-12 19:45 - 2015-02-12 19:45 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2015-02-12 19:44 - 2013-12-30 11:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2015-02-12 19:44 - 2013-12-30 11:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-02-12 19:42 - 2015-02-12 20:03 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-12 19:41 - 2015-02-12 19:41 - 00000000 ____D () C:\Users\Frank\AppData\Local\Downloaded Installations
2015-02-12 14:41 - 2015-02-12 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 21:27 - 2012-02-09 22:34 - 01562027 _____ () C:\Windows\WindowsUpdate.log
2015-03-13 21:24 - 2009-07-14 00:45 - 00028336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-13 21:24 - 2009-07-14 00:45 - 00028336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-13 21:23 - 2009-07-14 01:13 - 00787402 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 21:16 - 2015-01-10 20:44 - 00005330 _____ () C:\Windows\setupact.log
2015-03-13 21:16 - 2013-08-14 11:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-13 21:16 - 2012-11-27 14:51 - 00000324 _____ () C:\Windows\Tasks\GlaryInitialize.job
2015-03-13 21:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-13 21:13 - 2015-01-10 20:43 - 00094150 _____ () C:\Windows\PFRO.log
2015-03-13 20:53 - 2012-02-09 22:52 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\vlc
2015-03-13 07:24 - 2013-08-14 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 07:24 - 2012-02-09 19:42 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000UA.job
2015-03-12 23:19 - 2009-07-14 00:45 - 04978392 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 23:10 - 2013-07-13 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 23:10 - 2012-02-10 10:41 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 23:04 - 2012-02-10 00:16 - 00000000 ____D () C:\Users\Frank\Desktop\Movies
2015-03-12 22:45 - 2012-02-09 22:58 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\uTorrent
2015-03-12 21:43 - 2012-02-23 23:38 - 00000000 ____D () C:\Users\Frank\Documents\Outlook Files
2015-03-12 21:41 - 2015-01-13 18:52 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\sidekick
2015-03-12 20:55 - 2012-02-09 19:42 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000Core.job
2015-03-12 15:49 - 2014-12-12 18:10 - 00000000 ____D () C:\Users\Frank\Documents\Ronnie
2015-03-12 15:48 - 2013-12-01 07:37 - 00000000 ____D () C:\Users\Frank\Documents\Reddit_Add-In-master
2015-03-12 14:24 - 2012-02-09 22:34 - 00000000 ____D () C:\Users\Frank
2015-03-12 14:22 - 2014-06-03 10:12 - 00000000 ____D () C:\Users\Frank\Documents\WDC
2015-03-09 20:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 23:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-27 18:37 - 2012-03-26 21:42 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-02-27 09:32 - 2012-02-09 22:04 - 00000000 ____D () C:\Users\Frank\Downloads\Applications
2015-02-20 11:41 - 2012-11-03 13:44 - 00000000 ____D () C:\Users\Frank\Desktop\Applications
2015-02-14 23:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 22:11 - 2012-02-12 22:17 - 00000000 ____D () C:\Users\Frank\Desktop\Games
2015-02-13 21:28 - 2012-02-17 10:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-13 10:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-13 10:24 - 2012-02-23 23:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 10:20 - 2012-02-09 22:06 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-13 10:20 - 2012-02-09 22:05 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 10:19 - 2012-04-29 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-13 10:19 - 2012-02-09 22:05 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 22:21 - 2014-01-01 11:52 - 00000000 ____D () C:\Users\Frank\Documents\Galaxy Backup
2015-02-12 20:03 - 2014-03-13 09:05 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\SAMSUNG
2015-02-12 20:03 - 2014-02-22 11:49 - 00000000 ____D () C:\Users\Frank\AppData\Local\SAMSUNG
2015-02-12 20:03 - 2014-02-22 11:49 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-02-12 20:03 - 2014-02-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-12 20:03 - 2012-08-04 20:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-12 12:41 - 2013-10-27 20:45 - 00000000 ____D () C:\Users\Frank\Documents\Pat
2015-02-11 14:36 - 2012-02-09 23:30 - 00000000 ____D () C:\Users\Frank\Documents\09 Taxes

==================== Files in the root of some directories =======

2014-03-02 00:34 - 2014-03-02 00:34 - 0003966 _____ () C:\Users\Frank\AppData\Local\recently-used.xbel
2012-08-07 19:03 - 2012-09-19 09:13 - 0007655 _____ () C:\Users\Frank\AppData\Local\Resmon.ResmonCfg
2013-10-31 09:17 - 2013-10-31 09:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-03-01 15:18 - 2012-03-01 15:52 - 0000341 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\SRLDetectionLibrary8867250137535785846.dll
C:\Users\Frank\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 23:01

==================== End Of Log ============================



Again, thanks in advance for any help! Please let me know if you need any more info from me.
Sincerely,
Alucard321
 

Alucard321

Thread Starter
Joined
Mar 13, 2015
Messages
4
Hi, here is the addition log as well:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Frank at 2015-03-13 21:35:10
Running from C:\Users\Frank\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Illustrator CS5.1 (HKLM-x32\...\{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.2 64-bit (HKLM\...\{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}) (Version: 4.2.1 - Adobe)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version: - )
Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Bitcasa version 0.9.14.1692 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.14.1692 - Bitcasa Inc.)
Blender (HKLM\...\Blender) (Version: 2.64a-release - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{CF3C170B-D713-4089-84FE-63285B424B95}) (Version: 0.9.0 - Kovid Goyal)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games)
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - )
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CrystalDiskInfo 5.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.0.5 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.5.1 - oldsch00l)
Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.104 - Alps Electric)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: - NCH Software)
Dropbox (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: - NCH Software)
Final Fantasy XIII-2 version 1.0.0 (HKLM-x32\...\Final Fantasy XIII-2_is1) (Version: 1.0.0 - Square Enix)
foobar2000 v1.1.17 (HKLM-x32\...\foobar2000) (Version: 1.1.17 - Peter Pawlowski)
Free Download Manager 3.8 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Freemake Video Converter version 4.1.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.0 - Ellora Assets Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Glary Utilities 2.50.0.1632 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.50.0.1632 - Glarysoft Ltd)
GnuCash 2.6.0 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
Google Chrome (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java SE Development Kit 7 Update 10 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170100}) (Version: 1.7.0.100 - Oracle)
JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
Memeo Send (HKLM-x32\...\{81784157-3D4D-4bc1-B988-B24C32A26DA8}) (Version: - Memeo Inc.)
Memeo Share (HKLM-x32\...\{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}) (Version: 3.1.0.3265 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 12.10.3002 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 10.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\MyFreeCodec) (Version: - )
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - )
OpenWith (Enhanced) (HKLM-x32\...\OpenWith Enhanced) (Version: 1.0 - Greg Frieger)
PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
QuickBooks (x32 Version: 20.0.4005.807 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2010 (HKLM-x32\...\{0700E22B-A424-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4005.807 - Intuit Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.4 r1678 - )
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scribus 1.4.1 (HKLM-x32\...\Scribus 1.4.1) (Version: 1.4.1 - The Scribus Team)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
Sidekick Outlook plugin (HKLM-x32\...\{EFC8C33C-110A-4C69-B66C-3D943E7180C8}) (Version: 1.1.7 - HubSpot, Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
Spotify (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
TagScanner 5.1.610 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\Runic Games Torchlight) (Version: 1.13 - Encore, Inc., A Navarre Corporation Company.)
Torchlight II (c) Runic Games version 1 (HKLM-x32\...\Torchlight II (c) Runic Games_is1) (Version: 1 - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.10-rev273 - Ubuntu)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.10 - NCH Software)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinX DVD Author 6.2 (HKLM-x32\...\WinX DVD Author_is1) (Version: - DigiartySoft, Inc.)
WinX DVD Ripper Platinum 7.0.0 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}) (Version: 16.0.9661 - WinZip Computing, S.L. )
XBMC (HKU\S-1-5-21-814339908-3232271935-3892857259-1000\...\XBMC) (Version: - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{11ACA4FC-1B4E-33F3-8AB9-38736DF54F00}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{201FA144-44F0-3659-98DD-3AB0D1BD024D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{397199AA-5DDB-3C82-98C7-FF1D8F70EE7A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{4624E5F2-C61C-3DCA-837F-87DB2A18E293}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{49533350-0FD2-3C2C-982D-3A2F99AC71F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{53FA69E3-F626-35EE-84DB-5B23B10EBCA8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{671704C9-6012-3C76-AB57-28736A0E7058}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{69DB8DD0-B42A-35CC-B8A0-65A54FEB671C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{770953D9-B32B-3E22-9D35-DF331703C76E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{7BF71DBB-1E3F-3A15-B278-335D041B090B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{898E9F16-A6FD-3B9F-845F-3808C6134FD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{9601F788-32E0-4513-998A-4C5346228657}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Sidekick\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{C8F22CFA-CA6F-3F54-B0ED-C58357B95E30}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{CA22F30E-4EE3-377D-B579-D43AB68BE34F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{D5B2A8D1-2BDC-33B9-B2D3-0E68E83CE3C4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{D8BBCF57-2598-32DA-A000-0E0CB7F12E33}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{DC5EDFBF-0E0A-3575-A981-07D3DCAF5EA2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{DCECC2BA-3324-33E7-A93C-F27F885A71EE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-814339908-3232271935-3892857259-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

17-02-2015 09:05:50 Windows Update
20-02-2015 10:02:37 Windows Update
23-02-2015 12:17:36 Windows Update
26-02-2015 20:58:40 Windows Update
02-03-2015 09:02:52 Windows Update
05-03-2015 21:01:32 Windows Update
09-03-2015 07:51:04 Windows Update
12-03-2015 09:07:09 Windows Update
12-03-2015 23:07:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-03-15 18:57 - 2012-11-03 13:32 - 00003250 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E754FCB-C48D-4F4A-8397-A339C7800E2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-14] (Google Inc.)
Task: {250F83A1-6B7C-4A03-8E76-483F5A801717} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2012-03-21] ()
Task: {2AB16E1B-AA6C-4486-B383-414E1F489CBC} - System32\Tasks\{C0A729FB-2008-455C-B9E0-8E161A01FB6A} => pcalua.exe -a "C:\Users\Frank\Desktop\Games\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch\Sims3_1.0.632.00002_from_1.0.631.00002.exe" -d "C:\Users\Frank\Desktop\Games\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch"
Task: {7165B29D-7115-4CE2-982A-6CA214161343} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {7CCA0F5F-277B-4B39-9840-940C405AE9A0} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-14] ()
Task: {7F2861B2-17CA-4A21-BF68-1D73EDFCFC2A} - System32\Tasks\Core Temp Autostart Frank => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {978D4443-8E5B-4E2B-BDA6-23D19B229570} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9AA28C42-A2ED-4B67-85C8-4460D171F79E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000Core => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
Task: {AF01C5A8-6AC8-4375-9E99-5742BC845CB5} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {C54A0DBC-997D-47B6-A8C4-B2844FD921E8} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {CF1CDDB0-9CE2-476C-8014-4006B1631FCF} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {D05217CF-56DA-4188-87AA-B0FD872017B9} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2012-03-21] ()
Task: {D0B22E09-BCC6-4243-9359-B7ACC2A386AA} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-10-22] (Glarysoft Ltd)
Task: {DA084D56-A4EF-4B8A-9360-3DAA737E5AE1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E290AC15-CA4E-4A78-B4AF-C1BCC78A0523} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-14] (Google Inc.)
Task: {FF7E39A4-03B7-4FF8-AB09-533750168A0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000UA => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000Core.job => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814339908-3232271935-3892857259-1000UA.job => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-12 23:06 - 2015-03-12 23:06 - 142678528 __RSH () C:\ProgramData\nvxasync\cvxasync.exe
2012-08-30 16:41 - 2012-01-25 14:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-12 23:06 - 2015-03-12 23:06 - 142678528 __RSH () C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe
2012-02-11 20:04 - 2011-10-26 18:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2012-02-11 20:04 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-02-09 22:47 - 2012-02-09 22:47 - 00006144 _____ () C:\Users\Frank\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll
2012-02-09 22:47 - 2012-02-09 22:47 - 00008704 _____ () C:\Users\Frank\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll
2012-02-09 22:47 - 2012-02-09 22:47 - 00007680 _____ () C:\Users\Frank\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll
2014-12-17 17:12 - 2014-04-04 12:26 - 00371712 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2014-12-17 17:12 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2015-03-11 08:58 - 2015-03-07 02:12 - 01174856 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-11 08:58 - 2015-03-07 02:12 - 00080200 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-11 08:58 - 2015-03-07 02:13 - 09279304 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-814339908-3232271935-3892857259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AllShare Framework DMS => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DeviceMonitorService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MemeoBackgroundService => 2
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: Samsung Link Service => 2
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SplashtopRemoteService => 2
MSCONFIG\Services: SSUService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Seagate NA0ECN1Z Product Registration.lnk => C:\Windows\pss\Seagate NA0ECN1Z Product Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bitcasa => C:\Program Files\Bitcasa\Bitcasa.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN365DXJV505KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
MSCONFIG\startupreg: Intuit SyncManager => c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: Memeo Send => C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
MSCONFIG\startupreg: MotoCast => "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SkyDrive => "C:\Users\Frank\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Frank\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Accounts: =============================

Administrator (S-1-5-21-814339908-3232271935-3892857259-500 - Administrator - Disabled)
Frank (S-1-5-21-814339908-3232271935-3892857259-1000 - Administrator - Enabled) => C:\Users\Frank
Guest (S-1-5-21-814339908-3232271935-3892857259-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-814339908-3232271935-3892857259-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: HP LaserJet Professional P 1102w
Description: HP LaserJet Professional P 1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart 5510 series
Description: Photosmart 5510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet 7300 series
Description: Officejet 7300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510g-m
Description: Officejet 4500 G510g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2015 09:17:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 09:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 07:47:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program nvxasync.exe because of this error.

Program: nvxasync.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxasync.exe, version: 0.0.0.0, time stamp: 0x54e0fc73
Faulting module name: nvxasync.exe, version: 0.0.0.0, time stamp: 0x54e0fc73
Exception code: 0xc0000096
Fault offset: 0x08811060
Faulting process id: 0x450
Faulting application start time: 0xnvxasync.exe0
Faulting application path: nvxasync.exe1
Faulting module path: nvxasync.exe2
Report Id: nvxasync.exe3

Error: (03/13/2015 07:46:19 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program cvxasync.exe because of this error.

Program: cvxasync.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/13/2015 07:46:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cvxasync.exe, version: 0.0.0.0, time stamp: 0x54e0fc73
Faulting module name: cvxasync.exe, version: 0.0.0.0, time stamp: 0x54e0fc73
Exception code: 0xc0000096
Fault offset: 0x08811060
Faulting process id: 0x428
Faulting application start time: 0xcvxasync.exe0
Faulting application path: cvxasync.exe1
Faulting module path: cvxasync.exe2
Report Id: cvxasync.exe3

Error: (03/12/2015 11:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 08:33:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa
Faulting module name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa
Exception code: 0xc0000005
Fault offset: 0x00018ac3
Faulting process id: 0x104c
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (03/09/2015 08:35:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/13/2015 09:16:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dragon Service service failed to start due to the following error:
%%2

Error: (03/13/2015 09:14:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
%%13

Error: (03/13/2015 09:14:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1115

Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:
%%1069

Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error:
%%1069

Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error:
%%1069

Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/13/2015 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (03/13/2015 09:17:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 09:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 07:47:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: nvxasync.exe000000000

Error: (03/13/2015 07:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvxasync.exe0.0.0.054e0fc73nvxasync.exe0.0.0.054e0fc73c00000960881106045001d05d83476751c6C:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exeC:\Users\Frank\AppData\Roaming\nvxasync\nvxasync.exe96c5b74f-c976-11e4-9a62-a1f53d33b18e

Error: (03/13/2015 07:46:19 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: cvxasync.exe000000000

Error: (03/13/2015 07:46:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cvxasync.exe0.0.0.054e0fc73cvxasync.exe0.0.0.054e0fc73c00000960881106042801d05d83406222d7C:\ProgramData\nvxasync\cvxasync.exeC:\ProgramData\nvxasync\cvxasync.exe901639ea-c976-11e4-9a62-a1f53d33b18e

Error: (03/12/2015 11:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 08:33:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE14.0.4734.10004b58fdfaOUTLOOK.EXE14.0.4734.10004b58fdfac000000500018ac3104c01d05b92e60848e7C:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXEC:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXE332ec123-c786-11e4-8ce5-002219db6ca7

Error: (03/09/2015 08:35:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 4054.89 MB
Available physical RAM: 2386.41 MB
Total Pagefile: 8107.08 MB
Available Pagefile: 5705.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:95.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A42546F1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Hello Alucard321 and welcome to TSG.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply shortly.

Satchfan
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Whilst I’m looking at your logs, please run another scan for me.


Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Satchfan
 

Alucard321

Thread Starter
Joined
Mar 13, 2015
Messages
4
Hi and thanks for your help.

Downloaded and ran CKscanner, here is the ckfiles.log:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\serviceinfo.plist
c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\url\crackle\servicecode.pys
c:\users\frank\desktop\applications\aimersoft dvd creator 3.0.0.8 + crack [karanpc]\aimer-dvd-creator_setup.exe
c:\users\frank\desktop\applications\aimersoft dvd creator 3.0.0.8 + crack [karanpc]\instruction.txt
c:\users\frank\desktop\applications\aimersoft dvd creator 3.0.0.8 + crack [karanpc]\crack\crack.exe
c:\users\frank\desktop\applications\aimersoft dvd creator 3.0.0.8 + crack [karanpc]\crack\karanpc.nfo
c:\users\frank\desktop\applications\gtopala siw 2012.10.04 technician's version\keygen\arcade.nfo
c:\users\frank\desktop\applications\gtopala siw 2012.10.04 technician's version\keygen\keygen.exe
c:\users\frank\desktop\applications\gtopala siw 2012.10.04 technician's version\keygen\siw.lic
c:\users\frank\desktop\applications\scrivener v1.7.2 + keygen-lz0- [mumbai-tpb]\readme.txt
c:\users\frank\desktop\applications\scrivener v1.7.2 + keygen-lz0- [mumbai-tpb]\scrivener-installer.exe
c:\users\frank\desktop\applications\scrivener v1.7.2 + keygen-lz0- [mumbai-tpb]\keygen by lz0\keygen.exe
c:\users\frank\desktop\applications\scrivener v1.7.2 + keygen-lz0- [mumbai-tpb]\keygen by lz0\keygen.rar
c:\users\frank\desktop\ebooks\torchlight.ii-reloaded\crack\steam_api.dll
c:\users\frank\desktop\ebooks\torchlight.ii-reloaded\crack\steam_rld.ini
c:\users\frank\desktop\ebooks\torchlight.ii-reloaded\crack\torchlight2.exe
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.data
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rdata
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.text
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.version
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\aok hd.exe
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\inf32dat
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\steam_api.dll
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\steam_api.ini
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\group_icon\appicon
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\1.ico
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\2.ico
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\3.ico
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\4.ico
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\5.ico
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\icon\6.ico
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\manifest\1
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\rcdata\steam_guidd
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\rcdata\steam_minstance
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\rcdata\steam_split_guid
c:\users\frank\desktop\games\age.of.empires.ii.hd-reloaded\crack\.rsrc\version\1
c:\users\frank\documents\pat\ps# crack instructions.txt
c:\users\frank\documents\pat\wii crack.txt
c:\users\frank\downloads\applications\fire sheep crack\firesheep-0.1-1.xpi
c:\users\frank\downloads\applications\hirens boot cd iso crack\hirens.bootcd.15.2.zip
c:\users\frank\downloads\applications\iso ophcrack 3.4.0\ophcrack-vista-livecd-3.4.0.iso
c:\users\frank\downloads\applications\reaver\reaver-1.4\src\cracker.c
c:\users\frank\downloads\applications\reaver\reaver-1.4\src\cracker.h
c:\users\frank\downloads\applications\reaver\reaver-1.4\src\wpscrack.c
c:\users\frank\downloads\applications\reaver\reaver-1.4\src\wpscrack.h
hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
scanner sequence 3.ZZ.11.MUNAVZ
----- EOF -----

Thanks again for all your help!
Alucard321
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Hi Alucard321

You have a collection of illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.

Therefore, if you require further help I need you to uninstall all the illegal software that you have downloaded and installed. When you have done this, run CKScanner again and post a new log. If I don’t hear back from you in 24 hours this thread will be closed and no more help will be offered.

Satchfan
 

Alucard321

Thread Starter
Joined
Mar 13, 2015
Messages
4
Hi Satchfan,
Sure, just let me know what's illegal, and I'll remove it. (I inherited this computer from a friend who's far more techie than I am)
Thanks again,
Alucard321
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Your computer is "loaded" with illegal software.

You say that you have inherited this in all innocence from a "friend", and I sympathise with you but I don’t know if your version of Windows will even be genuine.

We are VERY busy here with helping genuine users and don’t help with those who “pirate” software.

If want to continue, please run the following scan:


  • Please download MGADiag by clicking here and save it to your desktop.
  • double click the
    icon on your desktop.
  • push
  • push
  • go to Start -> Run and type in "Notepad"
  • go to Edit -> Paste in notepad.
  • "x" out all of the numbers and letters in the line beginning with "Windows Product Key:"
  • Copy and paste that log here.

Satchfan
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
It has been several days since I sent my last post.

If I hear nothing within 24 hours I shall unsubscribe from this thread and you will have to post a new topic.

Satchfan
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top