
Things running in the background

Discussion in 'Virus & Other Malware Removal' started by Gulfdiver, Jan 29, 2015.

  1. Gulfdiver

    Gulfdiver Thread Starter

    Joined:
    May 12, 2013
    Messages:
    72
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\Downloads\HijackThis.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    There are split-second windows popping up in window and all of these are running in the process tree. If I end the process they just reappear. I am missing icons in the windows bar and the CPU usage is running constantly. The description lists Google Chrome next to it and there is no Google Chrome in my add and remove programs menu.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:42:14 PM, on 1/29/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17496)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE
    C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Program Files (x86)\bfgclient\bfggameservices.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\Downloads\HijackThis.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure Hoster (46680)] "C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe" -app -hosterid:1
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [abtieem] regsvr32.exe /s "C:\Users\John\AppData\Local\Nikon\abtieem.dll"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
    O4 - Startup: Dropbox.lnk = John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
    O16 - DPF: {0FADB9AA-6955-4319-B538-BB1461E11A28} (NTR Plugin 1.2.4.2) - https://secure.nsnconnect.com/main/mod/setup/beta/ntrplugin1242v_2.cab
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
    O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDD8DF0B-A160-45DF-A26E-67C390A57B18} (SurveillanceCtrl Control) - http://192.168.1.9:85/webrec.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs:
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 12428 bytes
     
  2. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Hi GulfDiver,

    Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
    • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
    • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
    • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
    • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
    • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
    • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
    • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

      - Save ALL Tools to your Desktop-
      All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

      Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
      • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
      • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
      • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
      NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
    Let's get started....


    Tech Support Guy asks that you supply the scan from this post; the TSG SysInfo utility is available here ----> Everyone MUST read this BEFORE posting for help in this forum.


    Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

    • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • If an update is available, the program will inform you and download the update. Allow it to do this please.
    • Once the tool shows "The tool is ready to use." message, please press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  3. Gulfdiver

    Gulfdiver Thread Starter

    Thanks for the fast reply,
    I am out of town for the weekend. I will be able to address this on Sunday when I get back.
    I appreciate your help
    J
     
  4. dbreeze

    dbreeze Malware Specialist

    Have a good trip / time until then and I will look for your reply then.
     
  5. Gulfdiver

    Gulfdiver Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by John (administrator) on JOHN-PC on 01-02-2015 19:52:41
    Running from C:\Users\John\Desktop
    Loaded Profiles: John (Available profiles: John)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    () C:\Users\John\Downloads\CoreTemp64\Core Temp.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\VirtualSearchHost.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSHDLL64.EXE
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fssm32.exe
    (asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
    (Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-05] (Synaptics Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
    HKLM-x32\...\Run: [F-Secure Hoster (46680)] => C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
    HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2010-05-26] (ASUS)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Run: [abtieem] => regsvr32.exe /s "C:\Users\John\AppData\Local\Nikon\abtieem.dll" <===== ATTENTION
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530e3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530f3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {ef673efb-682e-11e0-a0e2-485b397be4fa} - D:\MI.exe
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://asus.msn.com
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
    DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: HKLM-x32 {0FADB9AA-6955-4319-B538-BB1461E11A28} https://secure.nsnconnect.com/main/mod/setup/beta/ntrplugin1242v_2.cab
    DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} http://192.168.1.9:85/webrec.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    FireFox:
    ========
    FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\r12ofno8.default-1368986637823
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-355417517-4124742512-337856535-1000: @nsroblox.roblox.com/launcher -> C:\Users\John\AppData\Local\Roblox\Versions\version-c2a7e6748ad54a86\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
    Chrome:
    =======
    CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
    CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
    CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
    CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
    CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
    CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - No Path
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-05-26] (Creative Labs) [File not signed]
    S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-05-26] (Creative Labs) [File not signed]
    R2 fshoster; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
    R3 FSMA; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
    R2 FSORSPClient; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe [61176 2012-08-06] (F-Secure Corporation)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
    R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R3 F-Secure Gatekeeper; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [207400 2014-11-18] (F-Secure Corporation)
    R1 F-Secure HIPS; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
    R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-01-15] ()
    R3 fsni; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-10] (F-Secure Corporation)
    R1 fsvista; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
    S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    U3 tmlwf; No ImagePath
    U3 tmwfp; No ImagePath
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-01 19:52 - 2015-02-01 19:54 - 00019340 _____ () C:\Users\John\Desktop\FRST.txt
    2015-02-01 19:52 - 2015-02-01 19:52 - 00000000 ____D () C:\FRST
    2015-02-01 19:45 - 2015-02-01 19:51 - 02131456 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
    2015-01-29 23:05 - 2015-02-01 18:24 - 00000168 _____ () C:\Windows\setupact.log
    2015-01-29 23:05 - 2015-01-29 23:05 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-29 23:04 - 2015-01-29 23:04 - 00001180 _____ () C:\Windows\PFRO.log
    2015-01-29 21:42 - 2015-01-29 21:42 - 00012430 _____ () C:\Users\John\Downloads\hijackthis1
    2015-01-28 20:51 - 2015-01-28 20:51 - 00000776 _____ () C:\Users\John\Desktop\JRT.txt
    2015-01-20 18:11 - 2015-01-20 18:41 - 00014248 _____ () C:\Users\John\Documents\Tax Summary 2014.xlsx
    2015-01-14 22:51 - 2015-01-20 18:11 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2015-01-14 22:51 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2015-01-14 19:32 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 19:32 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 19:32 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 19:32 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 19:32 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 19:32 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 19:32 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-13 18:15 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 18:15 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 18:15 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 18:15 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 18:14 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 18:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 14:24 - 2015-01-13 14:24 - 00002435 _____ () C:\Users\John\Desktop\Microsoft Office 2010.lnk
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-07-24 21:24 - 2011-07-10 10:31 - 00000000 ____D () C:\Users\John\Downloads\Guru3D.com
    2015-02-01 19:43 - 2013-01-26 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-01 19:42 - 2010-09-04 08:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-01 19:41 - 2010-05-26 15:27 - 01493600 _____ () C:\Windows\WindowsUpdate.log
    2015-02-01 18:32 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-01 18:32 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-01 18:31 - 2014-02-19 16:46 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F80B639C-2F72-4C7F-9EB5-686A1DB5385D}
    2015-02-01 18:26 - 2014-12-28 11:37 - 00003424 _____ () C:\Windows\System32\Tasks\Scheduled scanning task
    2015-02-01 18:26 - 2014-12-28 11:37 - 00000650 _____ () C:\Windows\Tasks\Scheduled scanning task.job
    2015-02-01 18:26 - 2014-08-24 20:10 - 00000000 ___RD () C:\Users\John\Dropbox
    2015-02-01 18:25 - 2014-08-24 20:08 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
    2015-02-01 18:24 - 2010-09-04 08:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-01 18:24 - 2010-09-01 23:26 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
    2015-02-01 18:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-29 21:09 - 2010-08-31 08:46 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-01-27 20:08 - 2011-02-10 22:47 - 00000000 ____D () C:\Users\John\AppData\Local\Nikon
    2015-01-15 03:10 - 2013-08-14 20:05 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 03:01 - 2010-09-25 10:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-13 14:21 - 2010-08-31 10:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-01-10 23:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-05 21:59 - 2010-11-17 13:32 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
    2015-01-04 09:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-01-02 11:14 - 2009-07-14 00:13 - 00787374 _____ () C:\Windows\system32\PerfStringBackup.INI
    ==================== Files in the root of some directories =======
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Internet Services
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Iterate Items
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Jazz
    2011-09-05 17:45 - 2011-10-17 17:17 - 0010752 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-06-05 12:35 - 2014-06-03 06:27 - 0007637 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
    2011-10-01 20:06 - 2011-10-01 20:06 - 0000000 _____ () C:\Users\John\AppData\Local\{0437CACC-AF19-417C-AAA6-F1F9A991F49A}
    2012-01-06 22:57 - 2012-01-06 22:57 - 0000000 _____ () C:\Users\John\AppData\Local\{16F5DC2C-B194-4134-A01C-7B44DA213EBC}
    2011-09-13 16:40 - 2011-09-13 16:40 - 0000000 _____ () C:\Users\John\AppData\Local\{24B2E4A7-4C67-410F-BC09-CA5D2EE752A3}
    2011-08-23 16:21 - 2011-08-23 16:21 - 0000000 _____ () C:\Users\John\AppData\Local\{27417F90-5037-47E1-91B2-8A3577C29DBF}
    2011-06-01 05:24 - 2011-06-01 05:24 - 0000000 _____ () C:\Users\John\AppData\Local\{4AA1BE57-D0C9-49EB-BA10-E319ED6D6246}
    2011-09-18 13:11 - 2011-09-18 13:11 - 0000000 _____ () C:\Users\John\AppData\Local\{54A6FC3B-933D-49B7-AD97-69D3504994C3}
    2011-06-18 09:46 - 2011-06-18 09:46 - 0000000 _____ () C:\Users\John\AppData\Local\{6818F0EB-0292-4015-AF51-40F22581D663}
    2011-11-20 08:56 - 2011-11-20 08:56 - 0000000 _____ () C:\Users\John\AppData\Local\{7EB45318-20B5-4508-A7AF-D232D9BA6E2A}
    2011-12-18 20:02 - 2011-12-18 20:02 - 0000000 _____ () C:\Users\John\AppData\Local\{9373FD65-C6BF-43FC-BD58-E8D193D390A1}
    2011-12-26 20:21 - 2011-12-26 20:21 - 0000000 _____ () C:\Users\John\AppData\Local\{9D72C211-E3EC-4067-BBEE-C35A31692DAD}
    2014-05-29 07:30 - 2014-05-29 07:30 - 0000000 _____ () C:\Users\John\AppData\Local\{9E92FCA2-027D-466A-975F-52689A8A44D2}
    2011-06-04 13:48 - 2011-06-04 13:48 - 0000000 _____ () C:\Users\John\AppData\Local\{AAB950EA-58A7-454E-A2EC-FFDBEAB832C0}
    2011-09-04 19:16 - 2011-09-04 19:16 - 0000000 _____ () C:\Users\John\AppData\Local\{AEE8173F-7E03-4FA9-91B0-85C46F0E73D4}
    2011-11-27 09:31 - 2011-11-27 09:31 - 0000000 _____ () C:\Users\John\AppData\Local\{BAE5E04A-3ABD-4EB3-AD7D-6EBF03BBB3D9}
    2011-08-25 20:30 - 2011-08-25 20:30 - 0000000 _____ () C:\Users\John\AppData\Local\{C50733FF-8870-4602-B899-C9EE68F63395}
    2011-08-05 17:37 - 2011-08-05 17:37 - 0000000 _____ () C:\Users\John\AppData\Local\{CDBE16D1-DC3B-4B29-A93E-770B8CC34B1D}
    2012-02-04 20:38 - 2012-02-04 20:38 - 0000000 _____ () C:\Users\John\AppData\Local\{D76ABF8A-071F-4B0F-B5AB-CA2BB9F7D688}
    2011-06-02 05:30 - 2011-06-02 05:30 - 0000000 _____ () C:\Users\John\AppData\Local\{D87F1E69-08A1-405B-BECF-2BC35D6C4B3A}
    2011-06-13 08:53 - 2011-06-13 08:53 - 0000000 _____ () C:\Users\John\AppData\Local\{D8918207-3175-4EAA-A497-8FEDEA799CA9}
    2012-07-20 09:43 - 2012-07-20 09:43 - 0000057 _____ () C:\ProgramData\Ament.ini
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Jingles
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Kernel Extension
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Keyboard Layouts
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
    2011-02-10 16:25 - 2011-03-26 15:56 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
    2011-02-10 16:25 - 2011-03-26 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
    2010-05-26 15:25 - 2010-05-26 15:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-05-26 15:24 - 2010-05-26 15:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    Files to move or delete:
    ====================
    C:\Users\Public\AlexaNSISPlugin.1664.dll

    Some content of TEMP:
    ====================
    C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzqlm44.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-01-27 00:00
    ==================== End Of Log ============================
     
  6. Gulfdiver

    Gulfdiver Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
    Ran by John at 2015-02-01 19:54:37
    Running from C:\Users\John\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
    AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
    ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
    ATI AVIVO64 Codecs (Version: 10.12.0.41217 - ATI Technologies Inc.) Hidden
    ATI Catalyst Install Manager (HKLM\...\{D87D65E0-B704-9861-F836-5A310B41F153}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
    Backyard Skateboarding GOTY (HKLM-x32\...\{A85D902C-3451-44EA-8D5A-3C3B98E02EE0}) (Version: 1.00.000 - )
    Best Buy Software Installer (HKLM-x32\...\Best Buy Software Installer) (Version: 2.3.0.1 - Best Buy)
    Best Buy Software Installer (Version: 2.3.0.1 - Best Buy) Hidden
    Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.1.46 - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    ccc-core-static (x32 Version: 2009.1217.1632.29627 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
    CenturyLink Online Security (HKLM-x32\...\F-Secure ServiceEnabler 46680) (Version: 1.83.311.0 - F-Secure Corporation)
    CenturyLink Online Security (x32 Version: 1.83.311.0 - F-Secure Corporation) Hidden
    Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
    Computer Security 12.83.104.0 (release) (x32 Version: 12.83.104.0 - F-Secure Corporation) Hidden
    ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.7 - ASUS)
    Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
    Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
    Dropbox (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.2.13.38 - DeviceVM, Inc.)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
    Federal Premium 2012 Ammunition (HKLM-x32\...\Federal Premium 2012 Ammunition) (Version: - )
    F-Secure CCF Reputation (x32 Version: 1.0.25.1877 - F-Secure) Hidden
    F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
    F-Secure Network CCF 1.02.128 (x32 Version: 1.02.128.1 - F-Secure Corporation) Hidden
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
    Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
    Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
    Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
    Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
    Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version: - Valve)
    Half-Life: Source (HKLM-x32\...\Steam App 280) (Version: - Valve)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Ice Land 2 (HKLM-x32\...\Ice Land 2_is1) (Version: - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
    iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Kubota-PAD_V1.3 (HKLM-x32\...\{AB2D8781-B724-43D2-A68B-E8351E2382AC}) (Version: 100.000.00000 - Kubota Corp.)
    Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    LEGO Fever (HKLM-x32\...\BFG-LEGO Fever) (Version: - )
    LEGO® Indiana Jones™ 2 (x32 Version: 1.00.0000 - LucasArts) Hidden
    LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM-x32\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
    Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Nikon File Uploader 2 (HKLM-x32\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.0.2 - Nikon)
    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
    Online Safety 2.83.1346.10 (x32 Version: 2.83.1346.10 - F-Secure Corporation) Hidden
    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.1 - Nikon)
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5978 - Realtek Semiconductor Corp.)
    ROBLOX Player for John (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sound Blaster Audigy HD (HKLM-x32\...\{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}) (Version: 1.0 - Creative Technology Limited)
    Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.11.0 - Synaptics Incorporated)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    Unity Web Player (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
    USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.3 - Nikon)
    Visage Control Center (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\3431b9574968fe0e) (Version: 2.0.0.41 - GPSI LLC)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
    XBMC (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\XBMC) (Version: - Team XBMC)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\propsys.dll No File
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    ==================== Restore Points =========================
    11-01-2015 21:10:41 Scheduled Checkpoint
    14-01-2015 19:09:09 Windows Update
    15-01-2015 03:00:15 Windows Update
    27-01-2015 00:07:30 Scheduled Checkpoint
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {02F6DD07-F958-4414-BDFC-AEF5C8CCBD3C} - System32\Tasks\{635FA8D0-9072-4A50-B18F-9039989D2F08} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z37IQAS\jv16_regcleaner.exe" -d C:\Users\John\Desktop
    Task: {0392D22F-0240-4A81-9C81-496DBD946095} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
    Task: {03C56058-85AD-45D3-8FFC-9D914DD3F21E} - System32\Tasks\{D958B1FD-2F8B-4451-9646-778A92969791} => Firefox.exe
    Task: {0810E9C4-605E-45DF-A6CE-3D50187AFBF4} - System32\Tasks\HP AR Program Upload - 87fe26be7e2046a1b5f7bda6444a0eb917ac44c3ee664346bec320948c15e3d2 => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {0BE9CF7A-98F7-4EE8-94BA-35252AC45F05} - System32\Tasks\{93191563-8596-4520-AD54-9153C6942589} => pcalua.exe -a "C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe"
    Task: {11B47FFC-0D90-4D0A-B256-4788DC8896FB} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
    Task: {2413B2FA-22B6-47DC-8F5E-94B35F502720} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {29D49EFA-B056-4138-9AA4-9EEE7E43AC25} - System32\Tasks\{31618367-F425-4B92-B244-FC804F042107} => Firefox.exe
    Task: {3144916C-753C-42B1-ABB8-A41A7F37ED8C} - System32\Tasks\{7A9C22BD-AC36-4FC7-9B6F-680281533181} => Firefox.exe
    Task: {32712D00-E008-46F0-8C56-AFB4D1B3CA4A} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-05] (ATK)
    Task: {3A861D7E-499D-4402-852D-32A1F271AD81} - System32\Tasks\{AF74B245-77B6-461D-9152-D77774DF4BA7} => pcalua.exe -a "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\uninst\unins000.exe"
    Task: {537225DF-16B5-43CF-AD38-B09816C6FD3C} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fsav.exe [2013-08-14] (F-Secure Corporation)
    Task: {59958C07-4634-4F3E-899F-04A02BD902AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
    Task: {61F946C7-86F0-4DDA-BF1B-65DF8B662160} - System32\Tasks\{0C01FC14-E568-47E2-A040-D08209C94F0B} => pcalua.exe -a C:\Windows\system32\MSIEXEC.EXE -d C:\Windows\SysWOW64 -c /qb! /L*v C:\Users\John\AppData\Local\Temp\BB_MM.log ARPSYSTEMCOMPONENT=1 REBOOT=Suppress /I "E:\files\exec\bbinstaller\SR_MM\Roxio Media Manager.msi" TRANSFORMS="E:\files\exec\bbinstaller\SR_MM\1033.mst" INSTALLERDIR="E:\files\exec\bbinstaller\SR_MM\"
    Task: {64754A07-29FA-4950-BC29-312C4C1D66CC} - System32\Tasks\{DBBF3F5A-1B9A-4450-AF50-1A4BC9B44FB5} => Firefox.exe
    Task: {73041105-B9B8-4DAA-A636-AE286FF2E9FC} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
    Task: {73352550-73E3-408A-9B19-27FE73B21CE1} - System32\Tasks\Core Temp Autostart John => C:\Users\John\Downloads\CoreTemp64\Core Temp.exe [2011-07-16] ()
    Task: {766BE332-F7E9-485E-84C2-E48AC76A8ACD} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
    Task: {7BACE2D9-A712-492E-BBC9-C17EE4187D23} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
    Task: {8C07CDF7-444E-4E51-80C5-5328F9893C40} - System32\Tasks\{4CC93609-70AE-427E-8961-54F54FDC675A} => C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2014-08-07] (Mozilla Corporation)
    Task: {95FA11F8-D20D-40BB-AC21-F9727E852A7B} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-05-17] (asus)
    Task: {A7BCBD72-809C-450E-A6A0-97B91DEC4DBC} - System32\Tasks\Core Temp Autostart => C:\Program Files\Core Temp\Core Temp.exe
    Task: {AAA5515A-39C4-4991-9E33-5D83FF709156} - System32\Tasks\HP AR Program Upload - dd819c7bbca740958c4f04bf0bf73e629da8f59bc82544b0a573830762e7d090 => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {BF6F9B81-8246-45B8-A221-488A5EC61379} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {D373E86B-4C7A-4223-A939-493ED1385316} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {E871F3FF-AE4E-4CCB-A040-7A993DCAC62C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {EF8ABD41-2BDA-4139-B13D-0CB7D0FD50F5} - System32\Tasks\{683B9B4F-CD96-4E0F-ACD0-F4334CC8EF5F} => pcalua.exe -a C:\Users\John\Downloads\HijackThis.exe -d C:\Users\John\Downloads
    Task: {FD1AA3A6-4148-4070-8E28-E7AF52FC6D79} - System32\Tasks\{513A90BA-3DA7-4AC6-9800-F20848A98675} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8N72BEMZ\HijackThis.exe" -d C:\Users\John\Desktop
    Task: {FFD921E3-FBAB-4E62-B7FB-30EA1B1C1EDA} - System32\Tasks\{FE84681F-8D46-4654-8B67-A4F457B4C110} => Firefox.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\CENTUR~1\F-SECU~1\apps\COMPUT~1\ANTI-V~1\fsav.exe
    ==================== Loaded Modules (whitelisted) =============
    2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2008-10-01 01:02 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2010-01-04 19:43 - 2010-01-04 19:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2010-10-03 00:14 - 2011-07-16 11:42 - 00563728 _____ () C:\Users\John\Downloads\CoreTemp64\Core Temp.exe
    2009-12-23 15:12 - 2009-12-23 15:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
    2009-12-18 21:11 - 2009-12-18 21:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
    2010-05-26 15:43 - 2007-11-30 13:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)
    MSCONFIG\Services: ACDaemon => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AFBAgent => 2
    MSCONFIG\Services: Amazon Download Agent => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
    MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    MSCONFIG\startupreg: Apple Computer => rundll32 "C:\Users\John\AppData\Local\ATI\Apple Computer\oytxbrpm.dll",DllRegisterServer
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: ArcSoft MediaImpression Monitor => C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3536RHRV05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
    MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN238BS01C05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: RunDLLEntry => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: Steam => "c:\program files (x86)\steam\steam.exe" -silent
    MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
    ========================= Accounts: ==========================
    Administrator (S-1-5-21-355417517-4124742512-337856535-500 - Administrator - Disabled)
    Guest (S-1-5-21-355417517-4124742512-337856535-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-355417517-4124742512-337856535-1002 - Limited - Enabled)
    John (S-1-5-21-355417517-4124742512-337856535-1000 - Administrator - Enabled) => C:\Users\John
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (02/01/2015 07:54:44 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
    Description: 1 2015-02-01 19:54:43-04:00 JOHN-PC SYSTEM F-Secure DeepGuard
    Application was blocked. This was determined to be a high-risk application by system control heuristics.
    Application path: \\?\c:\windows\mod_frst.exe
    File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
    Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11201
    Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11201
    Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10015
    Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10015
    Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9017
    Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9017
    Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    System errors:
    =============
    Error: (02/01/2015 07:52:24 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (02/01/2015 07:48:21 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (02/01/2015 07:47:38 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (02/01/2015 06:33:00 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (02/01/2015 06:32:17 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (02/01/2015 06:31:12 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (02/01/2015 06:29:11 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}
    Error: (02/01/2015 06:25:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (02/01/2015 06:25:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
    %%1053
    Error: (02/01/2015 06:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Application Virtualization Client service failed to start due to the following error:
    %%1053

    Microsoft Office Sessions:
    =========================
    Error: (02/01/2015 07:54:44 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
    Description: 1 2015-02-01 19:54:43-04:00 JOHN-PC SYSTEM F-Secure DeepGuard
    Application was blocked. This was determined to be a high-risk application by system control heuristics.
    Application path: \\?\c:\windows\mod_frst.exe
    File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
    Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11201
    Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11201
    Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10015
    Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10015
    Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9017
    Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9017
    Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    CodeIntegrity Errors:
    ===================================
    Date: 2011-07-10 11:33:45.883
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:45.814
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:44.676
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:44.603
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:43.527
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:43.454
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:42.376
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:42.303
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:05.117
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-07-10 11:33:05.046
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
    Percentage of memory in use: 36%
    Total physical RAM: 8116.55 MB
    Available physical RAM: 5114.74 MB
    Total Pagefile: 16231.29 MB
    Available Pagefile: 12341.75 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:306.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive f: () (Removable) (Total:7.39 GB) (Free:0.01 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
    Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
    Partition 2: (Active) - (Size=446.2 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
    Partition: GPT Partition Type.
    ==================== End Of Log ============================
     
  7. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Thanks for the logs. Let's get cleaning ....


    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 by right-clicking on the FRST64.exe file and selecting "Run as Administrator...". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

    The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
     

    Attached Files:

  8. Gulfdiver

    Gulfdiver Thread Starter

    Joined:
    May 12, 2013
    Messages:
    72
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by John (administrator) on JOHN-PC on 03-02-2015 23:23:16
    Running from C:\Users\John\Desktop
    Loaded Profiles: John (Available profiles: John)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Users\John\Downloads\CoreTemp64\Core Temp.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fssm32.exe
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE
    (F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSHDLL64.EXE
    (asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-05] (Synaptics Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
    HKLM-x32\...\Run: [F-Secure Hoster (46680)] => C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
    HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2010-05-26] (ASUS)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Run: [abtieem] => regsvr32.exe /s "C:\Users\John\AppData\Local\Nikon\abtieem.dll" <===== ATTENTION
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530e3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530f3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {ef673efb-682e-11e0-a0e2-485b397be4fa} - D:\MI.exe
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://asus.msn.com
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
    DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: HKLM-x32 {0FADB9AA-6955-4319-B538-BB1461E11A28} https://secure.nsnconnect.com/main/mod/setup/beta/ntrplugin1242v_2.cab
    DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} http://192.168.1.9:85/webrec.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    FireFox:
    ========
    FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\r12ofno8.default-1368986637823
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-355417517-4124742512-337856535-1000: @nsroblox.roblox.com/launcher -> C:\Users\John\AppData\Local\Roblox\Versions\version-c2a7e6748ad54a86\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
    Chrome:
    =======
    CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
    CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
    CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
    CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
    CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
    CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - No Path
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-05-26] (Creative Labs) [File not signed]
    S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-05-26] (Creative Labs) [File not signed]
    R2 fshoster; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
    R3 FSMA; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
    R2 FSORSPClient; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe [61176 2012-08-06] (F-Secure Corporation)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
    R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R3 F-Secure Gatekeeper; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [207400 2014-11-18] (F-Secure Corporation)
    R1 F-Secure HIPS; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
    R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-01-15] ()
    R3 fsni; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-10] (F-Secure Corporation)
    R1 fsvista; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
    S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    U3 tmlwf; No ImagePath
    U3 tmwfp; No ImagePath
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-03 23:22 - 2015-02-03 23:22 - 02131456 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
    2015-02-03 23:17 - 2015-02-03 23:17 - 00008720 _____ () C:\Users\John\Desktop\fixlist.txt
    2015-02-01 19:54 - 2015-02-01 19:55 - 00042365 _____ () C:\Users\John\Desktop\Addition.txt
    2015-02-01 19:52 - 2015-02-03 23:23 - 00018869 _____ () C:\Users\John\Desktop\FRST.txt
    2015-02-01 19:52 - 2015-02-03 23:23 - 00000000 ____D () C:\FRST
    2015-01-29 23:05 - 2015-02-03 06:02 - 00000224 _____ () C:\Windows\setupact.log
    2015-01-29 23:05 - 2015-01-29 23:05 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-29 23:04 - 2015-02-03 06:02 - 00001950 _____ () C:\Windows\PFRO.log
    2015-01-29 21:42 - 2015-01-29 21:42 - 00012430 _____ () C:\Users\John\Downloads\hijackthis1
    2015-01-28 20:51 - 2015-01-28 20:51 - 00000776 _____ () C:\Users\John\Desktop\JRT.txt
    2015-01-20 18:11 - 2015-02-03 17:17 - 00013131 _____ () C:\Users\John\Documents\Tax Summary 2014.xlsx
    2015-01-14 22:51 - 2015-01-20 18:11 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2015-01-14 22:51 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2015-01-14 19:32 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 19:32 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 19:32 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 19:32 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 19:32 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 19:32 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 19:32 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-13 18:15 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 18:15 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 18:15 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 18:15 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 18:14 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 18:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 14:24 - 2015-01-13 14:24 - 00002435 _____ () C:\Users\John\Desktop\Microsoft Office 2010.lnk
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-07-24 21:24 - 2011-07-10 10:31 - 00000000 ____D () C:\Users\John\Downloads\Guru3D.com
    2015-02-03 23:19 - 2010-09-04 08:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-03 22:43 - 2013-01-26 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-03 21:07 - 2014-02-19 16:46 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F80B639C-2F72-4C7F-9EB5-686A1DB5385D}
    2015-02-03 17:15 - 2010-05-26 15:27 - 01588479 _____ () C:\Windows\WindowsUpdate.log
    2015-02-03 06:10 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-03 06:10 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-03 06:03 - 2014-08-24 20:10 - 00000000 ___RD () C:\Users\John\Dropbox
    2015-02-03 06:03 - 2014-08-24 20:08 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
    2015-02-03 06:02 - 2014-12-28 11:37 - 00000650 _____ () C:\Windows\Tasks\Scheduled scanning task.job
    2015-02-03 06:02 - 2010-09-04 08:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-03 06:02 - 2010-09-01 23:26 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
    2015-02-03 06:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-03 06:01 - 2011-02-10 22:47 - 00000000 ____D () C:\Users\John\AppData\Local\Nikon
    2015-02-03 00:01 - 2014-12-28 11:37 - 00003424 _____ () C:\Windows\System32\Tasks\Scheduled scanning task
    2015-01-29 21:09 - 2010-08-31 08:46 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-01-15 03:10 - 2013-08-14 20:05 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 03:01 - 2010-09-25 10:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-13 14:21 - 2010-08-31 10:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-01-10 23:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-05 21:59 - 2010-11-17 13:32 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
    2015-01-04 09:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    ==================== Files in the root of some directories =======
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Internet Services
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Iterate Items
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Jazz
    2011-09-05 17:45 - 2011-10-17 17:17 - 0010752 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-06-05 12:35 - 2014-06-03 06:27 - 0007637 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
    2011-10-01 20:06 - 2011-10-01 20:06 - 0000000 _____ () C:\Users\John\AppData\Local\{0437CACC-AF19-417C-AAA6-F1F9A991F49A}
    2012-01-06 22:57 - 2012-01-06 22:57 - 0000000 _____ () C:\Users\John\AppData\Local\{16F5DC2C-B194-4134-A01C-7B44DA213EBC}
    2011-09-13 16:40 - 2011-09-13 16:40 - 0000000 _____ () C:\Users\John\AppData\Local\{24B2E4A7-4C67-410F-BC09-CA5D2EE752A3}
    2011-08-23 16:21 - 2011-08-23 16:21 - 0000000 _____ () C:\Users\John\AppData\Local\{27417F90-5037-47E1-91B2-8A3577C29DBF}
    2011-06-01 05:24 - 2011-06-01 05:24 - 0000000 _____ () C:\Users\John\AppData\Local\{4AA1BE57-D0C9-49EB-BA10-E319ED6D6246}
    2011-09-18 13:11 - 2011-09-18 13:11 - 0000000 _____ () C:\Users\John\AppData\Local\{54A6FC3B-933D-49B7-AD97-69D3504994C3}
    2011-06-18 09:46 - 2011-06-18 09:46 - 0000000 _____ () C:\Users\John\AppData\Local\{6818F0EB-0292-4015-AF51-40F22581D663}
    2011-11-20 08:56 - 2011-11-20 08:56 - 0000000 _____ () C:\Users\John\AppData\Local\{7EB45318-20B5-4508-A7AF-D232D9BA6E2A}
    2011-12-18 20:02 - 2011-12-18 20:02 - 0000000 _____ () C:\Users\John\AppData\Local\{9373FD65-C6BF-43FC-BD58-E8D193D390A1}
    2011-12-26 20:21 - 2011-12-26 20:21 - 0000000 _____ () C:\Users\John\AppData\Local\{9D72C211-E3EC-4067-BBEE-C35A31692DAD}
    2014-05-29 07:30 - 2014-05-29 07:30 - 0000000 _____ () C:\Users\John\AppData\Local\{9E92FCA2-027D-466A-975F-52689A8A44D2}
    2011-06-04 13:48 - 2011-06-04 13:48 - 0000000 _____ () C:\Users\John\AppData\Local\{AAB950EA-58A7-454E-A2EC-FFDBEAB832C0}
    2011-09-04 19:16 - 2011-09-04 19:16 - 0000000 _____ () C:\Users\John\AppData\Local\{AEE8173F-7E03-4FA9-91B0-85C46F0E73D4}
    2011-11-27 09:31 - 2011-11-27 09:31 - 0000000 _____ () C:\Users\John\AppData\Local\{BAE5E04A-3ABD-4EB3-AD7D-6EBF03BBB3D9}
    2011-08-25 20:30 - 2011-08-25 20:30 - 0000000 _____ () C:\Users\John\AppData\Local\{C50733FF-8870-4602-B899-C9EE68F63395}
    2011-08-05 17:37 - 2011-08-05 17:37 - 0000000 _____ () C:\Users\John\AppData\Local\{CDBE16D1-DC3B-4B29-A93E-770B8CC34B1D}
    2012-02-04 20:38 - 2012-02-04 20:38 - 0000000 _____ () C:\Users\John\AppData\Local\{D76ABF8A-071F-4B0F-B5AB-CA2BB9F7D688}
    2011-06-02 05:30 - 2011-06-02 05:30 - 0000000 _____ () C:\Users\John\AppData\Local\{D87F1E69-08A1-405B-BECF-2BC35D6C4B3A}
    2011-06-13 08:53 - 2011-06-13 08:53 - 0000000 _____ () C:\Users\John\AppData\Local\{D8918207-3175-4EAA-A497-8FEDEA799CA9}
    2012-07-20 09:43 - 2012-07-20 09:43 - 0000057 _____ () C:\ProgramData\Ament.ini
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Jingles
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Kernel Extension
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Keyboard Layouts
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
    2011-02-10 16:25 - 2011-03-26 15:56 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
    2011-02-10 16:25 - 2011-03-26 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
    2010-05-26 15:25 - 2010-05-26 15:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-05-26 15:24 - 2010-05-26 15:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    Files to move or delete:
    ====================
    C:\Users\Public\AlexaNSISPlugin.1664.dll

    Some content of TEMP:
    ====================
    C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpde5cf3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
     
  9. Gulfdiver

    Gulfdiver Thread Starter

    Joined:
    May 12, 2013
    Messages:
    72
    In the interim, my CenturyLink security popped up and stated a virus trojan removal removed an unwanted program, and it has been running better since....
     
  10. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 by right-clicking on the FRST64.exe file and selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

    The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
     

  11. Gulfdiver

    Gulfdiver Thread Starter

    Joined:
    May 12, 2013
    Messages:
    72
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
    Ran by John at 2015-02-05 18:19:09 Run:1
    Running from C:\Users\John\Desktop
    Loaded Profiles: John (Available profiles: John)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Run: [abtieem] => regsvr32.exe /s "C:\Users\John\AppData\Local\Nikon\abtieem.dll" <===== ATTENTION
    C:\Users\John\AppData\Local\Nikon\abtieem.dll"
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530e3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530f3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {ef673efb-682e-11e0-a0e2-485b397be4fa} - D:\MI.exe
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
    DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker.com/WebResource...30999680000000
    DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} http://192.168.1.9:85/webrec.cab
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
    CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - No Path
    S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
    R3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    U3 tmlwf; No ImagePath
    U3 tmwfp; No ImagePath
    2015-01-14 22:51 - 2015-01-20 18:11 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2015-01-14 22:51 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2011-09-05 17:45 - 2011-10-17 17:17 - 0010752 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-10-01 20:06 - 2011-10-01 20:06 - 0000000 _____ () C:\Users\John\AppData\Local\{0437CACC-AF19-417C-AAA6-F1F9A991F49A}
    2012-01-06 22:57 - 2012-01-06 22:57 - 0000000 _____ () C:\Users\John\AppData\Local\{16F5DC2C-B194-4134-A01C-7B44DA213EBC}
    2011-09-13 16:40 - 2011-09-13 16:40 - 0000000 _____ () C:\Users\John\AppData\Local\{24B2E4A7-4C67-410F-BC09-CA5D2EE752A3}
    2011-08-23 16:21 - 2011-08-23 16:21 - 0000000 _____ () C:\Users\John\AppData\Local\{27417F90-5037-47E1-91B2-8A3577C29DBF}
    2011-06-01 05:24 - 2011-06-01 05:24 - 0000000 _____ () C:\Users\John\AppData\Local\{4AA1BE57-D0C9-49EB-BA10-E319ED6D6246}
    2011-09-18 13:11 - 2011-09-18 13:11 - 0000000 _____ () C:\Users\John\AppData\Local\{54A6FC3B-933D-49B7-AD97-69D3504994C3}
    2011-06-18 09:46 - 2011-06-18 09:46 - 0000000 _____ () C:\Users\John\AppData\Local\{6818F0EB-0292-4015-AF51-40F22581D663}
    2011-11-20 08:56 - 2011-11-20 08:56 - 0000000 _____ () C:\Users\John\AppData\Local\{7EB45318-20B5-4508-A7AF-D232D9BA6E2A}
    2011-12-18 20:02 - 2011-12-18 20:02 - 0000000 _____ () C:\Users\John\AppData\Local\{9373FD65-C6BF-43FC-BD58-E8D193D390A1}
    2011-12-26 20:21 - 2011-12-26 20:21 - 0000000 _____ () C:\Users\John\AppData\Local\{9D72C211-E3EC-4067-BBEE-C35A31692DAD}
    2014-05-29 07:30 - 2014-05-29 07:30 - 0000000 _____ () C:\Users\John\AppData\Local\{9E92FCA2-027D-466A-975F-52689A8A44D2}
    2011-06-04 13:48 - 2011-06-04 13:48 - 0000000 _____ () C:\Users\John\AppData\Local\{AAB950EA-58A7-454E-A2EC-FFDBEAB832C0}
    2011-09-04 19:16 - 2011-09-04 19:16 - 0000000 _____ () C:\Users\John\AppData\Local\{AEE8173F-7E03-4FA9-91B0-85C46F0E73D4}
    2011-11-27 09:31 - 2011-11-27 09:31 - 0000000 _____ () C:\Users\John\AppData\Local\{BAE5E04A-3ABD-4EB3-AD7D-6EBF03BBB3D9}
    2011-08-25 20:30 - 2011-08-25 20:30 - 0000000 _____ () C:\Users\John\AppData\Local\{C50733FF-8870-4602-B899-C9EE68F63395}
    2011-08-05 17:37 - 2011-08-05 17:37 - 0000000 _____ () C:\Users\John\AppData\Local\{CDBE16D1-DC3B-4B29-A93E-770B8CC34B1D}
    2012-02-04 20:38 - 2012-02-04 20:38 - 0000000 _____ () C:\Users\John\AppData\Local\{D76ABF8A-071F-4B0F-B5AB-CA2BB9F7D688}
    2011-06-02 05:30 - 2011-06-02 05:30 - 0000000 _____ () C:\Users\John\AppData\Local\{D87F1E69-08A1-405B-BECF-2BC35D6C4B3A}
    2011-06-13 08:53 - 2011-06-13 08:53 - 0000000 _____ () C:\Users\John\AppData\Local\{D8918207-3175-4EAA-A497-8FEDEA799CA9}
    2011-02-10 16:25 - 2011-02-10 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
    2011-02-10 16:25 - 2011-03-26 15:56 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
    2011-02-10 16:25 - 2011-03-26 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
    2010-05-26 15:25 - 2010-05-26 15:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-05-26 15:24 - 2010-05-26 15:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    C:\Users\Public\AlexaNSISPlugin.1664.dll
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\propsys.dll No File
    C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\propsys.dll
    Task: {02F6DD07-F958-4414-BDFC-AEF5C8CCBD3C} - System32\Tasks\{635FA8D0-9072-4A50-B18F-9039989D2F08} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z37IQAS\jv16_regcleaner.exe" -d C:\Users\John\Desktop
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z37IQAS\jv16_regcleaner.exe
    Task: {0BE9CF7A-98F7-4EE8-94BA-35252AC45F05} - System32\Tasks\{93191563-8596-4520-AD54-9153C6942589} => pcalua.exe -a "C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe"
    C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe
    Task: {29D49EFA-B056-4138-9AA4-9EEE7E43AC25} - System32\Tasks\{31618367-F425-4B92-B244-FC804F042107} => Firefox.exe
    Task: {3144916C-753C-42B1-ABB8-A41A7F37ED8C} - System32\Tasks\{7A9C22BD-AC36-4FC7-9B6F-680281533181} => Firefox.exe
    Task: {3A861D7E-499D-4402-852D-32A1F271AD81} - System32\Tasks\{AF74B245-77B6-461D-9152-D77774DF4BA7} => pcalua.exe -a "C:\Program Files (x86)\Amazon\Amazon Games &amp; Software Downloader\uninst\unins000.exe"
    C:\Program Files (x86)\Amazon\Amazon Games &amp; Software Downloader\uninst\unins000.exe
    Task: {61F946C7-86F0-4DDA-BF1B-65DF8B662160} - System32\Tasks\{0C01FC14-E568-47E2-A040-D08209C94F0B} => pcalua.exe -a C:\Windows\system32\MSIEXEC.EXE -d C:\Windows\SysWOW64 -c /qb! /L*v C:\Users\John\AppData\Local\Temp\BB_MM.log ARPSYSTEMCOMPONENT=1 REBOOT=Suppress /I "E:\files\exec\bbinstaller\SR_MM\Roxio Media Manager.msi" TRANSFORMS="E:\files\exec\bbinstaller\SR_MM\1033.mst" INSTALLERDIR="E:\files\exec\bbinstaller\SR_MM\"
    Task: {64754A07-29FA-4950-BC29-312C4C1D66CC} - System32\Tasks\{DBBF3F5A-1B9A-4450-AF50-1A4BC9B44FB5} => Firefox.exe
    Task: {73352550-73E3-408A-9B19-27FE73B21CE1} - System32\Tasks\Core Temp Autostart John => C:\Users\John\Downloads\CoreTemp64\Core Temp.exe [2011-07-16] ()
    Task: {EF8ABD41-2BDA-4139-B13D-0CB7D0FD50F5} - System32\Tasks\{683B9B4F-CD96-4E0F-ACD0-F4334CC8EF5F} => pcalua.exe -a C:\Users\John\Downloads\HijackThis.exe -d C:\Users\John\Downloads
    Task: {FD1AA3A6-4148-4070-8E28-E7AF52FC6D79} - System32\Tasks\{513A90BA-3DA7-4AC6-9800-F20848A98675} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8N72BEMZ\HijackThis.exe" -d C:\Users\John\Desktop
    Task: {FFD921E3-FBAB-4E62-B7FB-30EA1B1C1EDA} - System32\Tasks\{FE84681F-8D46-4654-8B67-A4F457B4C110} => Firefox.exe
    CMD: bitsadmin /reset /allusers
    Reboot:
    end
    *****************
    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Windows\CurrentVersion\Run\\abtieem => value deleted successfully.
    "C:\Users\John\AppData\Local\Nikon\abtieem.dll" => File/Directory not found.
    "HKU\S-1-5-21-355417517-4124742512-337856535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => Key deleted successfully.
    "HKU\S-1-5-21-355417517-4124742512-337856535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31e530e3-e27e-11df-a350-485b397be4fa}" => Key deleted successfully.
    HKCR\CLSID\{31e530e3-e27e-11df-a350-485b397be4fa} => Key not found.
    "HKU\S-1-5-21-355417517-4124742512-337856535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31e530f3-e27e-11df-a350-485b397be4fa}" => Key deleted successfully.
    HKCR\CLSID\{31e530f3-e27e-11df-a350-485b397be4fa} => Key not found.
    "HKU\S-1-5-21-355417517-4124742512-337856535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef673efb-682e-11e0-a0e2-485b397be4fa}" => Key deleted successfully.
    HKCR\CLSID\{ef673efb-682e-11e0-a0e2-485b397be4fa} => Key not found.
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk => Moved successfully.
    C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe => Moved successfully.
    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found.
    C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
    HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{EDD8DF0B-A160-45DF-A26E-67C390A57B18}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{EDD8DF0B-A160-45DF-A26E-67C390A57B18}" => Key deleted successfully.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => value deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb" => Key deleted successfully.
    RoxLiveShare9 => Service deleted successfully.
    ALSysIO => Service stopped successfully.
    ALSysIO => Service deleted successfully.
    RimUsb => Service deleted successfully.
    tmlwf => Service deleted successfully.
    tmwfp => Service deleted successfully.
    C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
    C:\ProgramData\Windows Genuine Advantage => Moved successfully.
    C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\John\AppData\Local\{0437CACC-AF19-417C-AAA6-F1F9A991F49A} => Moved successfully.
    C:\Users\John\AppData\Local\{16F5DC2C-B194-4134-A01C-7B44DA213EBC} => Moved successfully.
    C:\Users\John\AppData\Local\{24B2E4A7-4C67-410F-BC09-CA5D2EE752A3} => Moved successfully.
    C:\Users\John\AppData\Local\{27417F90-5037-47E1-91B2-8A3577C29DBF} => Moved successfully.
    C:\Users\John\AppData\Local\{4AA1BE57-D0C9-49EB-BA10-E319ED6D6246} => Moved successfully.
    C:\Users\John\AppData\Local\{54A6FC3B-933D-49B7-AD97-69D3504994C3} => Moved successfully.
    C:\Users\John\AppData\Local\{6818F0EB-0292-4015-AF51-40F22581D663} => Moved successfully.
    C:\Users\John\AppData\Local\{7EB45318-20B5-4508-A7AF-D232D9BA6E2A} => Moved successfully.
    C:\Users\John\AppData\Local\{9373FD65-C6BF-43FC-BD58-E8D193D390A1} => Moved successfully.
    C:\Users\John\AppData\Local\{9D72C211-E3EC-4067-BBEE-C35A31692DAD} => Moved successfully.
    C:\Users\John\AppData\Local\{9E92FCA2-027D-466A-975F-52689A8A44D2} => Moved successfully.
    C:\Users\John\AppData\Local\{AAB950EA-58A7-454E-A2EC-FFDBEAB832C0} => Moved successfully.
    C:\Users\John\AppData\Local\{AEE8173F-7E03-4FA9-91B0-85C46F0E73D4} => Moved successfully.
    C:\Users\John\AppData\Local\{BAE5E04A-3ABD-4EB3-AD7D-6EBF03BBB3D9} => Moved successfully.
    C:\Users\John\AppData\Local\{C50733FF-8870-4602-B899-C9EE68F63395} => Moved successfully.
    C:\Users\John\AppData\Local\{CDBE16D1-DC3B-4B29-A93E-770B8CC34B1D} => Moved successfully.
    C:\Users\John\AppData\Local\{D76ABF8A-071F-4B0F-B5AB-CA2BB9F7D688} => Moved successfully.
    C:\Users\John\AppData\Local\{D87F1E69-08A1-405B-BECF-2BC35D6C4B3A} => Moved successfully.
    C:\Users\John\AppData\Local\{D8918207-3175-4EAA-A497-8FEDEA799CA9} => Moved successfully.
    C:\ProgramData\PKP_DLes.DAT => Moved successfully.
    C:\ProgramData\PKP_DLet.DAT => Moved successfully.
    C:\ProgramData\PKP_DLev.DAT => Moved successfully.
    C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => Moved successfully.
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => Moved successfully.
    C:\Users\Public\AlexaNSISPlugin.1664.dll => Moved successfully.
    "HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}" => Key deleted successfully.
    "HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => Key deleted successfully.
    "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\propsys.dll" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02F6DD07-F958-4414-BDFC-AEF5C8CCBD3C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02F6DD07-F958-4414-BDFC-AEF5C8CCBD3C}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{635FA8D0-9072-4A50-B18F-9039989D2F08} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{635FA8D0-9072-4A50-B18F-9039989D2F08}" => Key deleted successfully.
    "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z37IQAS\jv16_regcleaner.exe" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BE9CF7A-98F7-4EE8-94BA-35252AC45F05}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BE9CF7A-98F7-4EE8-94BA-35252AC45F05}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{93191563-8596-4520-AD54-9153C6942589} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93191563-8596-4520-AD54-9153C6942589}" => Key deleted successfully.
    "C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29D49EFA-B056-4138-9AA4-9EEE7E43AC25}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29D49EFA-B056-4138-9AA4-9EEE7E43AC25}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{31618367-F425-4B92-B244-FC804F042107} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31618367-F425-4B92-B244-FC804F042107}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3144916C-753C-42B1-ABB8-A41A7F37ED8C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3144916C-753C-42B1-ABB8-A41A7F37ED8C}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{7A9C22BD-AC36-4FC7-9B6F-680281533181} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A9C22BD-AC36-4FC7-9B6F-680281533181}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A861D7E-499D-4402-852D-32A1F271AD81}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A861D7E-499D-4402-852D-32A1F271AD81}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{AF74B245-77B6-461D-9152-D77774DF4BA7} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF74B245-77B6-461D-9152-D77774DF4BA7}" => Key deleted successfully.
    "C:\Program Files (x86)\Amazon\Amazon Games &amp; Software Downloader\uninst\unins000.exe" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61F946C7-86F0-4DDA-BF1B-65DF8B662160}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F946C7-86F0-4DDA-BF1B-65DF8B662160}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{0C01FC14-E568-47E2-A040-D08209C94F0B} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C01FC14-E568-47E2-A040-D08209C94F0B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64754A07-29FA-4950-BC29-312C4C1D66CC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64754A07-29FA-4950-BC29-312C4C1D66CC}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{DBBF3F5A-1B9A-4450-AF50-1A4BC9B44FB5} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBBF3F5A-1B9A-4450-AF50-1A4BC9B44FB5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73352550-73E3-408A-9B19-27FE73B21CE1}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73352550-73E3-408A-9B19-27FE73B21CE1}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Core Temp Autostart John => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Core Temp Autostart John" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF8ABD41-2BDA-4139-B13D-0CB7D0FD50F5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF8ABD41-2BDA-4139-B13D-0CB7D0FD50F5}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{683B9B4F-CD96-4E0F-ACD0-F4334CC8EF5F} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{683B9B4F-CD96-4E0F-ACD0-F4334CC8EF5F}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD1AA3A6-4148-4070-8E28-E7AF52FC6D79}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD1AA3A6-4148-4070-8E28-E7AF52FC6D79}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{513A90BA-3DA7-4AC6-9800-F20848A98675} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{513A90BA-3DA7-4AC6-9800-F20848A98675}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFD921E3-FBAB-4E62-B7FB-30EA1B1C1EDA}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFD921E3-FBAB-4E62-B7FB-30EA1B1C1EDA}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{FE84681F-8D46-4654-8B67-A4F457B4C110} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE84681F-8D46-4654-8B67-A4F457B4C110}" => Key deleted successfully.
    ========= bitsadmin /reset /allusers =========

    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.
    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
    Unable to cancel {8CAD9482-6C05-4DB7-80C3-E241C2F2F4DD}.
    60 out of 61 jobs canceled.
    ========= End of CMD: =========


    The system needed a reboot.
    ==== End of Fixlog 18:19:50 ====
     
  12. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    First, how is your system running now?

    Next, scan with AdwCleaner by Xplode

    Download AdwCleaner from here or from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    1. Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:

      [​IMG]
    2. Click the Scan button and wait for the scan to finish.
    3. After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    4. Click the Clean button.
    5. Everything checked will be deleted.
    6. When the program has finished cleaning a report appears.
    7. Once done it will ask to reboot; allow this.

      [​IMG]
    8. On reboot a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
    Optional:

    NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

    Finally, install and scan with Malwarebytes' Anti-Malware

    Please download the latest version of Malwarebytes' Anti-Malware from here.

    Double Click on the mbam-setup.exe file to install the application.

    Do not check on the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
    [​IMG]

    Once the program has loaded and updated, select "Scan Now >>" to start the scan.
    [​IMG]

    The scan may take some time to finish, so please be patient.

    If any malware is found, you will be presented with a screen like the one below.
    [​IMG]

    Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

    After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

    Please attach the report file to a post here; I will review the file and script what needs to be removed.
     
  13. Gulfdiver

    Gulfdiver Thread Starter

    Joined:
    May 12, 2013
    Messages:
    72
    # AdwCleaner v4.110 - Logfile created 07/02/2015 at 08:06:03
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-05.2 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : John - JOHN-PC
    # Running from : C:\Users\John\Desktop\AdwCleaner.exe
    # Option : Cleaning
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>erride;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<loc
al>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
    ***** [ Web browsers ] *****
    -\\ Internet Explorer v11.0.9600.17496

    -\\ Mozilla Firefox v29.0.1 (en-US)

    -\\ Google Chrome v

    *************************
    AdwCleaner[R0].txt - [6410 bytes] - [01/12/2013 10:05:59]
    AdwCleaner[R1].txt - [1018 bytes] - [01/12/2013 13:47:41]
    AdwCleaner[R2].txt - [2537 bytes] - [21/09/2014 10:34:43]
    AdwCleaner[R3].txt - [1713 bytes] - [28/12/2014 11:24:41]
    AdwCleaner[R4].txt - [3418 bytes] - [07/02/2015 07:50:32]
    AdwCleaner[R5].txt - [3477 bytes] - [07/02/2015 07:58:05]
    AdwCleaner[S0].txt - [6221 bytes] - [01/12/2013 10:09:48]
    AdwCleaner[S1].txt - [1080 bytes] - [01/12/2013 13:48:26]
    AdwCleaner[S2].txt - [2573 bytes] - [21/09/2014 10:36:40]
    AdwCleaner[S3].txt - [1673 bytes] - [28/12/2014 11:35:00]
    AdwCleaner[S4].txt - [3406 bytes] - [07/02/2015 08:06:03]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3465 bytes] ##########
     
  14. Gulfdiver

    Gulfdiver Thread Starter

    Joined:
    May 12, 2013
    Messages:
    72
    There is no download link working on MWB. I get a 404 error page not found?
     
  15. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Hold off on the Malwarebytes scan for a bit. Move on to this scan please >>>


    This next step may take a while (just to warn you) .....

    ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

    You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

    Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

    Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

    -------------------------------------------------------------------------------------------------------------------

    Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

    Link =>> ESET Online Scanner <<

    Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


    For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
    Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


    Double click on the icon on your desktop.


    Check (accept) the Terms of Use.


    Click the START button.
    Accept any security warnings from your browser.

    Now in the Computer scan settings window that appears:-
    Make sure that the option Enable detection of potentially unwanted applications is selected.
    Now click on Advanced Settings and configure the options as follows:

    Remove found threats is Not checked
    Scan archives is checked
    Scan for potentially unsafe applications is checked
    Enable Anti-Stealth Technology is checked


    Now click on: Start



    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


    When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.


    At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


    Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


    Attach the saved log file in your next reply please. Thanks.
     

Short URL to this thread: https://techguy.org/1142118
