1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Mozilla Firefox Adds

Discussion in 'Virus & Other Malware Removal' started by z0rkny, Apr 16, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. z0rkny

    z0rkny Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    79
    It seems as if I've gone and caught a virus. Mozilla Firefox keeps on popping up annoying adds. Malware Antibytes isn't killing it, and I cannot seem to make sense of the HJT Log to identify what it is. I am no expert, but not a novice either when it comes to these things. Enclosed please find my system info and the hijackthis log:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: AMD FX(tm)-6100 Six-Core Processor, AMD64 Family 21 Model 1 Stepping 2
    Processor Count: 6
    RAM: 16365 Mb
    Graphics Card: AMD Radeon HD 7700 Series, 1024 Mb
    Hard Drives: C: Total - 114370 MB, Free - 22544 MB; E: Total - 476936 MB, Free - 261221 MB;
    Motherboard: Gigabyte Technology Co., Ltd., GA-970A-UD3
    Antivirus: Symantec Endpoint Protection, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:35:37 PM, on 4/16/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17728)
    Boot mode: Normal

    Running processes:
    C:\Windows\vsnp2uvc.exe
    E:\Program Files\HTC Sync Manager\HTC Sync\adb.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    E:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    C:\Users\Dan\AppData\Roaming\Spotify\SpotifyCrashService.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
    E:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [updateMgr] "E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
    O4 - HKCU\..\Run: [PeerBlock] E:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_31FA44FE943CF384B13C12A03C90A9AD] "C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    O4 - Startup: Dropbox.lnk = Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {A16CE6E3-6BA2-4CD6-8AFA-135D06BCB8BE} (kCura.EDDS.WebClientManager.WebClientManager) - https://relativity.omega-caci.com/Relativity/ActiveX/webclientmanager.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://safe.ftc.gov/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - E:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - E:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HTCMonitorService - Nero AG - E:\Program Files\HTC Sync Manager\HSMServiceEntry.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - E:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\ASUS\USB-N53 Utility\RaRegistry.exe
    O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\ASUS\USB-N53 Utility\RaRegistry64.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Windows Activation Technologies Service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 18368 bytes
     
  2. z0rkny

    z0rkny Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    79
    Bumping this back up. I originally solved the mozilla issue, but I am not having some root issues and the box is very slow to start up. I went from taking about 90 seconds to 12 minutes for start up. Not sure if its a root error or a hardware error. I am reposting a fresh HJT and SYSlog.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: AMD FX(tm)-6100 Six-Core Processor, AMD64 Family 21 Model 1 Stepping 2
    Processor Count: 6
    RAM: 16365 Mb
    Graphics Card: AMD Radeon HD 7700 Series, 1024 Mb
    Hard Drives: C: Total - 114370 MB, Free - 18162 MB; E: Total - 476936 MB, Free - 260063 MB;
    Motherboard: Gigabyte Technology Co., Ltd., GA-970A-UD3
    Antivirus: Symantec Endpoint Protection, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:35:22 AM, on 5/11/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17728)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\Windows\vsnp2uvc.exe
    E:\Program Files\HTC Sync Manager\HTC Sync\adb.exe
    C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    E:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    E:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
    O4 - HKCU\..\Run: [updateMgr] "E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
    O4 - HKCU\..\Run: [PeerBlock] E:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    O4 - Startup: Dropbox.lnk = Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {A16CE6E3-6BA2-4CD6-8AFA-135D06BCB8BE} (kCura.EDDS.WebClientManager.WebClientManager) - https://relativity.omega-caci.com/Relativity/ActiveX/webclientmanager.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://safe.ftc.gov/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - E:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - E:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HTCMonitorService - Nero AG - E:\Program Files\HTC Sync Manager\HSMServiceEntry.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - E:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\ASUS\USB-N53 Utility\RaRegistry.exe
    O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\ASUS\USB-N53 Utility\RaRegistry64.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Windows Activation Technologies Service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17179 bytes
     
  3. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi z0rkny,
    HijackThis is not very good with 64 bit systems.
    Let's see what's on there.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  4. z0rkny

    z0rkny Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    79
    As requested, I have attached the two logs
     

    Attached Files:

  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    z0rkny,
    Symantec Endpoint is not designed to be installed or maintained in home computers
    It's for Corporate use with contract maintenance. The license doesn't belong to you.
    I will not help with whatever difficulty you may have with either Endpoint or the Adobe programs.
    -----------------------------------------------
    It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
    There are NO Safe ones.
    Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
    Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    BitComet
    Coupon Printer for Windows
    Idle Crawler
    Java 7 Update 51
    PassShow

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ---------------------------------------------
    Run CKScanner
    Download CKScanner from HERE
    Important - Save it to your desktop.
    Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
    After a couple minutes or less, when some text appears in the box, click Save List To File.
    A message box will verify the file saved. It is important that you run the program just once..
    Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    So we are looking for the CKScanner log, and the Fix log from FRST.
    Just paste the contents. Don't attach unless logs are too large to post.

    askey127
     

    Attached Files:

  6. z0rkny

    z0rkny Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    79
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
    Ran by Dan at 2015-05-12 09:03:10 Run:2
    Running from C:\Users\Dan\Desktop
    Loaded Profiles: Dan (Available profiles: Dan)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-533264183-1890375580-901914935-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Dan\AppData\Roaming\lection\gendaqof.dll No File <==== ATTENTION
    Task: {13E03EEE-E659-46CA-B77B-300A5FA9B844} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E7484A1D-E626-4DCB-9CDC-813A33BD9D73}.exe
    Task: {3AAF0A44-64DF-4009-B832-5E1F4490313F} - \Runner for IC No Task File <==== ATTENTION
    Task: {40BC3D6C-4843-4E82-84DC-CE773F021A36} - \gtaUpt No Task File <==== ATTENTION
    Task: {BDA20C7A-12EE-4BF6-9FF4-27EE586C22CF} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
    Task: {C0B35D6E-65DB-40D7-B9CE-125BBB82A378} - \CloudHIDEAWAY No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E7484A1D-E626-4DCB-9CDC-813A33BD9D73}.exe <==== ATTENTION
    Task: {EB366280-3F6B-470D-9D12-917A00ACA355} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => %LOCALAPPDATA%\458EC58B-7FB4-E64F-9420-CCB2BB71B796\Runner.exe <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E7484A1D-E626-4DCB-9CDC-813A33BD9D73}.exe <==== ATTENTION
    FirewallRules: [{7D7DE707-DD72-4AD5-9679-789339D85FF4}] => (Allow) E:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{E788F99F-4E60-47E6-B94A-9255235A3E06}] => (Allow) E:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{F4CA3F52-C4DB-46DD-BE32-4016D7C006DA}] => (Allow) E:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{BEA7CD68-7503-43AF-91C0-5A337545B51C}] => (Allow) E:\Program Files\BitComet\BitComet.exe
    SearchScopes: HKU\S-1-5-21-533264183-1890375580-901914935-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17C69216-665E-4DF8-8F1D-C4CA61503AE1}&mid=2cde66aaea3e47d0970d416272f72ce4-2eb8523d55c77eeab84be3d9b7cce12e5681e2ae&lang=en&ds=AVG&pr=fr&d=2012-10-04 23:12:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-533264183-1890375580-901914935-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17C69216-665E-4DF8-8F1D-C4CA61503AE1}&mid=2cde66aaea3e47d0970d416272f72ce4-2eb8523d55c77eeab84be3d9b7cce12e5681e2ae&lang=en&ds=AVG&pr=fr&d=2012-10-04 23:12:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17C69216-665E-4DF8-8F1D-C4CA61503AE1}&mid=2cde66aaea3e47d0970d416272f72ce4-2eb8523d55c77eeab84be3d9b7cce12e5681e2ae&lang=en&ds=AVG&pr=fr&d=2012-10-04 23:12:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17C69216-665E-4DF8-8F1D-C4CA61503AE1}&mid=2cde66aaea3e47d0970d416272f72ce4-2eb8523d55c77eeab84be3d9b7cce12e5681e2ae&lang=en&ds=AVG&pr=fr&d=2012-10-04 23:12:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-17] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-533264183-1890375580-901914935-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    FF HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi
    FF HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi
    S3 BITCOMET_HELPER_SERVICE; E:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    E:\Program Files\BitComet
    2015-05-11 12:50 - 2013-06-09 13:23 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13E03EEE-E659-46CA-B77B-300A5FA9B844} => Key not found.
    C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AAF0A44-64DF-4009-B832-5E1F4490313F} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner for IC => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40BC3D6C-4843-4E82-84DC-CE773F021A36} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gtaUpt => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDA20C7A-12EE-4BF6-9FF4-27EE586C22CF} => Key not found.
    C:\Windows\System32\Tasks\LaunchPreSignup not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0B35D6E-65DB-40D7-B9CE-125BBB82A378} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CloudHIDEAWAY => Key not found.
    C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB366280-3F6B-470D-9D12-917A00ACA355} => Key not found.
    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Updater for IC => Key not found.
    C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D7DE707-DD72-4AD5-9679-789339D85FF4} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E788F99F-4E60-47E6-B94A-9255235A3E06} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4CA3F52-C4DB-46DD-BE32-4016D7C006DA} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEA7CD68-7503-43AF-91C0-5A337545B51C} => Value not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key not found.
    HKCR\Wow6432Node\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
    HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
    HKCR\CLSID\Toolbar: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\Software\Mozilla\Firefox\Extensions\\{8492baab-62ca-4e2c-983b-dfef7cae8082} => Value not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\\{8492baab-62ca-4e2c-983b-dfef7cae8082} => Value not found.
    BITCOMET_HELPER_SERVICE => Service not found.
    "E:\Program Files\BitComet" => File/Directory not found.
    "C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job" => File/Directory not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 877 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 09:03:29 ====


    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
    hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
    scanner sequence 3.ED.11.SUNAUZ
    ----- EOF -----
     
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Let's try that Fix again.
    This time, please be sure to right click FRST64.exe, and "Run as administrator". Then click FIX
    Sometimes, if it's not run that way, it fails to do the prescribed corrections.
     
  8. z0rkny

    z0rkny Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    79
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
    Ran by Dan at 2015-05-12 10:44:35 Run:3
    Running from C:\Users\Dan\Desktop
    Loaded Profiles: Dan (Available profiles: Dan)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-533264183-1890375580-901914935-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Dan\AppData\Roaming\lection\gendaqof.dll No File <==== ATTENTION
    Task: {13E03EEE-E659-46CA-B77B-300A5FA9B844} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E7484A1D-E626-4DCB-9CDC-813A33BD9D73}.exe
    Task: {3AAF0A44-64DF-4009-B832-5E1F4490313F} - \Runner for IC No Task File <==== ATTENTION
    Task: {40BC3D6C-4843-4E82-84DC-CE773F021A36} - \gtaUpt No Task File <==== ATTENTION
    Task: {BDA20C7A-12EE-4BF6-9FF4-27EE586C22CF} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
    Task: {C0B35D6E-65DB-40D7-B9CE-125BBB82A378} - \CloudHIDEAWAY No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E7484A1D-E626-4DCB-9CDC-813A33BD9D73}.exe <==== ATTENTION
    Task: {EB366280-3F6B-470D-9D12-917A00ACA355} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => %LOCALAPPDATA%\458EC58B-7FB4-E64F-9420-CCB2BB71B796\Runner.exe <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E7484A1D-E626-4DCB-9CDC-813A33BD9D73}.exe <==== ATTENTION
    FirewallRules: [{7D7DE707-DD72-4AD5-9679-789339D85FF4}] => (Allow) E:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{E788F99F-4E60-47E6-B94A-9255235A3E06}] => (Allow) E:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{F4CA3F52-C4DB-46DD-BE32-4016D7C006DA}] => (Allow) E:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{BEA7CD68-7503-43AF-91C0-5A337545B51C}] => (Allow) E:\Program Files\BitComet\BitComet.exe
    SearchScopes: HKU\S-1-5-21-533264183-1890375580-901914935-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17C69216-665E-4DF8-8F1D-C4CA61503AE1}&mid=2cde66aaea3e47d0970d416272f72ce4-2eb8523d55c77eeab84be3d9b7cce12e5681e2ae&lang=en&ds=AVG&pr=fr&d=2012-10-04 23:12:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-533264183-1890375580-901914935-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17C69216-665E-4DF8-8F1D-C4CA61503AE1}&mid=2cde66aaea3e47d0970d416272f72ce4-2eb8523d55c77eeab84be3d9b7cce12e5681e2ae&lang=en&ds=AVG&pr=fr&d=2012-10-04 23:12:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17C69216-665E-4DF8-8F1D-C4CA61503AE1}&mid=2cde66aaea3e47d0970d416272f72ce4-2eb8523d55c77eeab84be3d9b7cce12e5681e2ae&lang=en&ds=AVG&pr=fr&d=2012-10-04 23:12:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17C69216-665E-4DF8-8F1D-C4CA61503AE1}&mid=2cde66aaea3e47d0970d416272f72ce4-2eb8523d55c77eeab84be3d9b7cce12e5681e2ae&lang=en&ds=AVG&pr=fr&d=2012-10-04 23:12:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-17] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-533264183-1890375580-901914935-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    FF HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi
    FF HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi
    S3 BITCOMET_HELPER_SERVICE; E:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    E:\Program Files\BitComet
    2015-05-11 12:50 - 2013-06-09 13:23 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13E03EEE-E659-46CA-B77B-300A5FA9B844} => Key not found.
    C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AAF0A44-64DF-4009-B832-5E1F4490313F} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner for IC => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40BC3D6C-4843-4E82-84DC-CE773F021A36} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gtaUpt => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDA20C7A-12EE-4BF6-9FF4-27EE586C22CF} => Key not found.
    C:\Windows\System32\Tasks\LaunchPreSignup not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0B35D6E-65DB-40D7-B9CE-125BBB82A378} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CloudHIDEAWAY => Key not found.
    C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB366280-3F6B-470D-9D12-917A00ACA355} => Key not found.
    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Updater for IC => Key not found.
    C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D7DE707-DD72-4AD5-9679-789339D85FF4} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E788F99F-4E60-47E6-B94A-9255235A3E06} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4CA3F52-C4DB-46DD-BE32-4016D7C006DA} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEA7CD68-7503-43AF-91C0-5A337545B51C} => Value not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key not found.
    HKCR\Wow6432Node\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
    HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
    HKCR\CLSID\Toolbar: HKU\S-1-5-21-533264183-1890375580-901914935-1000-{{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\Software\Mozilla\Firefox\Extensions\\{8492baab-62ca-4e2c-983b-dfef7cae8082} => Value not found.
    HKU\S-1-5-21-533264183-1890375580-901914935-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\\{8492baab-62ca-4e2c-983b-dfef7cae8082} => Value not found.
    BITCOMET_HELPER_SERVICE => Service not found.
    "E:\Program Files\BitComet" => File/Directory not found.
    "C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job" => File/Directory not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 58.8 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 10:44:45 ====
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    OK.
    The reason it doidn't show anything was because it had already been fixed.
    Let's see what we have for leftovers
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST64.exe on your desktop to launch it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents in your next reply.

    Tell me whether you are still seeing the ads.
     
  10. z0rkny

    z0rkny Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    79
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
    Ran by Dan (administrator) on DAN-PC on 12-05-2015 22:39:02
    Running from C:\Users\Dan\Desktop
    Loaded Profiles: Dan (Available profiles: Dan)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Adobe Systems Incorporated) E:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Nero AG) E:\Program Files\HTC Sync Manager\HSMServiceEntry.exe
    (Malwarebytes Corporation) E:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) E:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\ASUS\USB-N53 Utility\RaRegistry.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\ASUS\USB-N53 Utility\RaRegistry64.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    () E:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Malwarebytes Corporation) E:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Sonix) C:\Windows\vsnp2uvc.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () E:\Program Files\HTC Sync Manager\HTC Sync\adb.exe
    (Spotify Ltd) C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Spotify Ltd) C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    (ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\USB-N53 Utility\WlanMgr.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Dropbox, Inc.) C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Adobe Sytems Incorporated) E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    (Adobe Systems Inc.) E:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    (Spotify Ltd) C:\Users\Dan\AppData\Roaming\Spotify\SpotifyCrashService.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    (Spotify Ltd) C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Spotify Ltd) C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Version Cue CS2] => E:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\Run: [updateMgr] => "E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\Run: [PeerBlock] => E:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\Run: [Facebook Update] => C:\Users\Dan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-27] (Facebook Inc.)
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\Run: [Spotify Web Helper] => C:\Users\Dan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-12] (Spotify Ltd)
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\Run: [Spotify] => C:\Users\Dan\AppData\Roaming\Spotify\Spotify.exe [7320120 2015-05-12] (Spotify Ltd)
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\Run: [Google Update] => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-11] (Google Inc.)
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\MountPoints2: {3df514d7-3f2c-11e4-a2d2-902b3413c517} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\MountPoints2: {8fadb36d-5f53-11e3-9f08-902b3413c517} - F:\TL-Bootstrap.exe
    HKU\S-1-5-21-533264183-1890375580-901914935-1000\...\MountPoints2: {8fadb381-5f53-11e3-9f08-902b3413c517} - F:\HTC_Sync_Manager_PC.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-07-18]
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-12-19]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-08-08]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-533264183-1890375580-901914935-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
    BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL [2012-11-03] (Symantec Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    DPF: HKLM-x32 {A16CE6E3-6BA2-4CD6-8AFA-135D06BCB8BE} https://relativity.omega-caci.com/Relativity/ActiveX/webclientmanager.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://safe.ftc.gov/dana-cached/sc/JuniperSetupClient.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\r9777qau.default-1429389830215
    FF DefaultSearchEngine.US: Google Default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @Citrix.com/npagee64,version=10.1.124.1308 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll [2014-03-28] (Citrix Systems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Citrix.com/npagee,version=10.1.124.1308 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2014-03-28] (Citrix Systems, Inc.)
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-01-05] (GARMIN Corp.)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> E:\Program Files\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> E:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-533264183-1890375580-901914935-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-533264183-1890375580-901914935-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-533264183-1890375580-901914935-1000: @talk.google.com/O1DPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-533264183-1890375580-901914935-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-11] (Google Inc.)
    FF Plugin HKU\S-1-5-21-533264183-1890375580-901914935-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-11] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npagee.dll [2014-03-28] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npagee64.dll [2014-03-28] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF SearchPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\r9777qau.default-1429389830215\searchplugins\google-default.xml [2015-05-04]
    FF Extension: Ghostery - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\r9777qau.default-1429389830215\Extensions\[email protected] [2015-04-18]
    FF Extension: Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\r9777qau.default-1429389830215\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-18]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - E:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-14]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-07-18] (Adobe Systems) [File not signed]
    R2 Adobe Version Cue CS2; E:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
    R2 HTCMonitorService; E:\Program Files\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
    R2 MBAMScheduler; E:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; E:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 RalinkRegistryWriter; C:\Program Files (x86)\ASUS\USB-N53 Utility\RaRegistry.exe [375872 2011-03-30] (Ralink Technology, Corp.)
    R2 RalinkRegistryWriter64; C:\Program Files (x86)\ASUS\USB-N53 Utility\RaRegistry64.exe [454208 2011-03-30] (Ralink Technology, Corp.)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
    R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20150501.011\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
    R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
    S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [159232 2012-01-30] (HTC Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20150510.011\IDSvia64.sys [671448 2015-04-06] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-05-12] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150511.034\ENG64.SYS [129752 2015-01-27] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150511.034\EX64.SYS [2137304 2015-01-27] (Symantec Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
    S3 rt70x64; C:\Windows\System32\DRIVERS\netr7064.sys [388448 2010-04-27] (Ralink Technology Corp.)
    S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3531136 2009-08-20] ()
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
    S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [34352 2012-11-03] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-03-06] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
    R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [154904 2013-03-06] (Symantec Corporation)
    R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [95616 2012-11-03] (Symantec Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2010-12-13] (Windows (R) Codename Longhorn DDK provider)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-12 08:55 - 2015-05-12 08:55 - 00001583 _____ () C:\Users\Dan\Desktop\ckfiles.txt
    2015-05-12 08:53 - 2015-05-12 08:53 - 00468480 _____ () C:\Users\Dan\Desktop\CKScanner.exe
    2015-05-12 07:38 - 2015-05-12 22:39 - 00029350 _____ () C:\Users\Dan\Desktop\FRST.txt
    2015-05-12 07:38 - 2015-05-12 07:39 - 00048676 _____ () C:\Users\Dan\Desktop\Addition.txt
    2015-05-12 07:37 - 2015-05-12 07:37 - 02102784 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
    2015-05-11 18:06 - 2015-05-12 11:11 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-533264183-1890375580-901914935-1000UA.job
    2015-05-11 18:06 - 2015-05-11 18:11 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-533264183-1890375580-901914935-1000Core.job
    2015-05-11 18:06 - 2015-05-11 18:06 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-533264183-1890375580-901914935-1000UA
    2015-05-11 18:06 - 2015-05-11 18:06 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-533264183-1890375580-901914935-1000Core
    2015-05-11 18:05 - 2015-05-11 18:06 - 00880208 _____ (Google Inc.) C:\Users\Dan\Downloads\GoogleVoiceAndVideoSetup.exe
    2015-05-11 07:36 - 2015-05-11 07:36 - 00509440 _____ (Tech Support Guy System) C:\Users\Dan\Downloads\SysInfo.exe
    2015-05-11 07:35 - 2015-05-11 07:35 - 00017181 _____ () C:\Users\Dan\Desktop\hijackthis.log
    2015-05-05 09:18 - 2015-05-05 09:18 - 00000000 ____D () C:\Users\Dan\AppData\OICE_15_974FA576_32C1D314_331A
    2015-05-04 10:03 - 2015-05-04 10:03 - 00000462 _____ () C:\Users\Dan\Desktop\url.htm
    2015-05-02 17:06 - 2015-05-02 17:06 - 00000000 ____D () C:\Users\Dan\AppData\OICE_15_974FA576_32C1D314_18B5
    2015-05-01 14:21 - 2015-05-01 14:21 - 00026217 _____ () C:\Users\Dan\Desktop\imgres.htm
    2015-04-30 23:12 - 2015-04-30 23:13 - 00000000 ____D () C:\Users\Dan\Documents\My Kindle Content
    2015-04-30 23:12 - 2015-04-30 23:12 - 00002215 _____ () C:\Users\Dan\Desktop\Kindle.lnk
    2015-04-30 23:12 - 2015-04-30 23:12 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    2015-04-30 23:11 - 2015-04-30 23:12 - 00000000 ____D () C:\Users\Dan\AppData\Local\Amazon
    2015-04-27 17:15 - 2015-04-27 17:15 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-04-27 17:15 - 2015-04-27 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-04-27 17:15 - 2015-04-27 17:15 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-04-27 17:15 - 2015-04-27 17:15 - 00000000 ____D () C:\Program Files\iTunes
    2015-04-27 17:15 - 2015-04-27 17:15 - 00000000 ____D () C:\Program Files\iPod
    2015-04-27 17:15 - 2015-04-27 17:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-04-27 10:42 - 2015-04-27 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-04-22 23:01 - 2015-04-22 23:02 - 00000000 ____D () C:\Users\Dan\AppData\OICE_15_974FA576_32C1D314_145A
    2015-04-21 14:47 - 2015-04-21 14:47 - 00002075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7 64-bit.lnk
    2015-04-21 14:47 - 2015-04-21 14:47 - 00002055 _____ () C:\Users\Public\Desktop\Lightroom 5.7 64-bit.lnk
    2015-04-21 14:46 - 2015-04-21 14:46 - 00000000 ____D () C:\Program Files\Adobe
    2015-04-21 00:34 - 2015-04-21 00:34 - 00000000 ____D () C:\Users\Dan\Desktop\Adobe
    2015-04-18 16:43 - 2015-04-18 16:43 - 00000000 ____D () C:\Users\Dan\Desktop\Old Firefox Data
    2015-04-18 16:39 - 2015-04-28 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-18 16:39 - 2015-04-18 16:39 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-04-18 16:39 - 2015-04-18 16:39 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-04-14 23:06 - 2015-04-14 23:06 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-04-14 23:06 - 2015-04-14 23:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-04-14 23:06 - 2015-04-14 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-04-14 21:54 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-14 21:54 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-14 21:54 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-14 21:54 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-14 21:54 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-14 21:54 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-14 21:54 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-14 21:54 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-14 21:54 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-14 21:54 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-14 21:54 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-14 21:54 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-04-14 21:54 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-04-14 21:54 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-04-14 21:54 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-04-14 21:54 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-04-14 21:54 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-04-14 21:54 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-04-14 21:54 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-04-14 21:54 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-04-14 21:54 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-04-14 21:54 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-04-14 21:54 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-04-14 21:54 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-04-14 21:54 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-14 21:54 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-04-14 21:54 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-04-14 21:54 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-14 21:54 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-04-14 21:54 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-04-14 21:54 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-04-14 21:54 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-04-14 21:54 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-04-14 21:54 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-04-14 21:54 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-04-14 21:54 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-04-14 21:54 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-04-14 21:54 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-04-14 21:54 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-04-14 21:54 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-04-14 21:54 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-04-14 21:54 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-04-14 21:54 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-04-14 21:54 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-04-14 21:54 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-04-14 21:54 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-04-14 21:54 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-04-14 21:54 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-04-14 21:54 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-04-14 21:54 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-04-14 21:54 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-04-14 21:54 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-04-14 21:54 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-04-14 21:54 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-14 21:54 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-04-14 21:54 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-04-14 21:54 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-04-14 21:54 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-14 21:54 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-04-14 21:53 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-04-14 21:53 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-04-14 21:53 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-14 21:53 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-14 21:53 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-04-14 21:53 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-04-14 21:53 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-14 21:53 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-04-14 21:53 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-04-14 21:53 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-14 21:53 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-04-14 21:53 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-14 21:53 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-04-14 21:53 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-14 21:53 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-14 21:53 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-04-14 21:53 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-04-14 21:53 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-14 21:53 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-04-14 21:53 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-04-14 21:53 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-04-14 21:53 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-14 21:53 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-04-14 21:53 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-04-14 21:53 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-04-14 21:53 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-04-14 21:53 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-04-14 21:53 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-04-14 21:53 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-14 21:53 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-04-14 21:53 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-14 21:53 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-04-14 21:53 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-04-14 21:53 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-04-14 21:53 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-04-14 21:53 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-04-14 21:53 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-04-14 21:53 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-04-14 21:53 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-14 21:53 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-04-14 21:53 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-14 21:53 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-04-14 21:53 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-04-14 21:53 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-14 21:53 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-04-14 21:53 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-04-14 21:53 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-04-14 21:53 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-04-14 21:53 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-14 21:53 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-04-14 21:53 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-04-14 21:53 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-04-14 21:53 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-04-14 21:53 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-14 21:53 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-04-14 21:53 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-04-14 21:53 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-04-14 21:53 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-04-14 21:53 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-14 21:53 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-14 21:53 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-14 21:53 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-12 22:39 - 2014-06-25 21:05 - 00000000 ____D () C:\FRST
    2015-05-12 22:34 - 2012-11-15 21:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-12 22:25 - 2009-07-14 00:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-12 22:25 - 2009-07-14 00:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-12 22:22 - 2014-03-09 17:22 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Spotify
    2015-05-12 22:22 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-12 22:20 - 2014-04-14 22:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-12 22:18 - 2014-03-09 17:23 - 00000000 ____D () C:\Users\Dan\AppData\Local\Spotify
    2015-05-12 22:18 - 2013-12-08 23:03 - 00000000 ____D () C:\Users\Dan\AppData\Local\HTC MediaHub
    2015-05-12 22:18 - 2012-08-08 20:41 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Dropbox
    2015-05-12 22:17 - 2012-11-15 21:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-12 22:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-12 22:17 - 2009-07-14 00:51 - 00309849 _____ () C:\Windows\setupact.log
    2015-05-12 11:22 - 2012-06-09 16:16 - 01306113 _____ () C:\Windows\WindowsUpdate.log
    2015-05-12 11:11 - 2013-03-06 09:42 - 00000000 ____D () C:\ProgramData\Symantec
    2015-05-12 09:45 - 2012-09-22 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-12 09:21 - 2013-11-27 16:16 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533264183-1890375580-901914935-1000UA.job
    2015-05-12 09:04 - 2010-11-20 23:47 - 00319792 _____ () C:\Windows\PFRO.log
    2015-05-12 08:50 - 2012-08-08 20:43 - 00001009 _____ () C:\Users\Dan\Desktop\Dropbox.lnk
    2015-05-12 08:50 - 2012-08-08 20:41 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-05-11 18:06 - 2012-06-11 20:09 - 00000000 ____D () C:\Users\Dan\AppData\Local\Google
    2015-05-11 15:21 - 2013-11-27 16:16 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533264183-1890375580-901914935-1000Core.job
    2015-05-04 13:15 - 2013-12-13 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-05-04 13:14 - 2013-11-28 23:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-04-27 17:15 - 2013-03-31 20:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-04-21 15:34 - 2015-04-09 10:18 - 00000000 ____D () C:\Program Files (x86)\clean2PC
    2015-04-15 11:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-04-15 11:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-15 09:47 - 2013-04-14 11:23 - 00000000 ____D () C:\Windows\system32\appmgmt
    2015-04-15 09:45 - 2012-09-22 00:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-15 09:45 - 2012-09-22 00:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-15 09:45 - 2012-09-22 00:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-15 09:13 - 2014-12-10 12:18 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-04-15 09:13 - 2014-05-07 01:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-04-14 23:07 - 2013-11-29 09:27 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-04-14 23:06 - 2013-07-11 23:08 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-14 23:06 - 2013-06-02 20:18 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-14 23:04 - 2012-06-09 16:16 - 00000000 ____D () C:\Users\Dan
    2015-04-14 23:02 - 2012-06-29 14:00 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-14 22:19 - 2013-08-19 23:14 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\vlc

    ==================== Files in the root of some directories =======

    2013-12-21 17:13 - 2014-12-08 19:44 - 0007602 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg

    Some content of TEMP:
    ====================
    C:\Users\Dan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzrfvcy.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-04 13:04

    ==================== End Of Log ============================
     
  11. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    z0rkny,
    That is the log we wanted.
    You should be in pretty good shape. You may still get some adware annoyances from Skype.
    Unless you see something requiring us to look deeper, I think we are done.
    Let me know.
    askey127
     
  12. z0rkny

    z0rkny Thread Starter

    Joined:
    Aug 1, 2007
    Messages:
    79
    Thanks, Askey127 for all your help!

    Best.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1146692

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice