Things running in the background


Gulfdiver

Thread Starter
Joined
May 12, 2013
Messages
72
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\Downloads\HijackThis.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
There are split second windows popping up in window and all of these are running in the process tree. If I end the process they just reappear. I am missing icons in the windows bar and the CPU usage is running constantly. The description lists Google Chrome next to it and there is no Google Chrome in my add and remove programs menu.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:14 PM, on 1/29/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\bfgclient\bfggameservices.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\Downloads\HijackThis.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Hoster (46680)] "C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe" -app -hosterid:1
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [abtieem] regsvr32.exe /s "C:\Users\John\AppData\Local\Nikon\abtieem.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = John\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {0FADB9AA-6955-4319-B538-BB1461E11A28} (NTR Plugin 1.2.4.2) - https://secure.nsnconnect.com/main/mod/setup/beta/ntrplugin1242v_2.cab
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDD8DF0B-A160-45DF-A26E-67C390A57B18} (SurveillanceCtrl Control) - http://192.168.1.9:85/webrec.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12428 bytes
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Hi GulfDiver,

Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

    - Save ALL Tools to your Desktop-
    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Let's get started....


Tech Support Guy asks that you supply the scan from this post; the TSG SysInfo utility is available here ----> Everyone MUST read this BEFORE posting for help in this forum.


Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

Gulfdiver

Thread Starter
Joined
May 12, 2013
Messages
72
Thanks for the fast reply,
I am out of town for the weekend. I will be able to address this on Sunday when I get back.
I appreciate your help
J
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Have a good trip / time until then and I will look for your reply then.
 

Gulfdiver

Thread Starter
Joined
May 12, 2013
Messages
72
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by John (administrator) on JOHN-PC on 01-02-2015 19:52:41
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Users\John\Downloads\CoreTemp64\Core Temp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Windows\AsScrPro.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\VirtualSearchHost.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe
(Google Inc.) C:\Users\John\AppData\LocalLow\ntr\Cuzmnsvs\vpqvpgzpsyko\Yonloejnk.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (46680)] => C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2010-05-26] (ASUS)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Run: [abtieem] => regsvr32.exe /s "C:\Users\John\AppData\Local\Nikon\abtieem.dll" <===== ATTENTION
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530e3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530f3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {ef673efb-682e-11e0-a0e2-485b397be4fa} - D:\MI.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://asus.msn.com
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {0FADB9AA-6955-4319-B538-BB1461E11A28} https://secure.nsnconnect.com/main/mod/setup/beta/ntrplugin1242v_2.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} http://192.168.1.9:85/webrec.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\r12ofno8.default-1368986637823
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-355417517-4124742512-337856535-1000: @nsroblox.roblox.com/launcher -> C:\Users\John\AppData\Local\Roblox\Versions\version-c2a7e6748ad54a86\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-05-26] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-05-26] (Creative Labs) [File not signed]
R2 fshoster; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe [61176 2012-08-06] (F-Secure Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [207400 2014-11-18] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-01-15] ()
R3 fsni; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-10] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 19:52 - 2015-02-01 19:54 - 00019340 _____ () C:\Users\John\Desktop\FRST.txt
2015-02-01 19:52 - 2015-02-01 19:52 - 00000000 ____D () C:\FRST
2015-02-01 19:45 - 2015-02-01 19:51 - 02131456 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-01-29 23:05 - 2015-02-01 18:24 - 00000168 _____ () C:\Windows\setupact.log
2015-01-29 23:05 - 2015-01-29 23:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 23:04 - 2015-01-29 23:04 - 00001180 _____ () C:\Windows\PFRO.log
2015-01-29 21:42 - 2015-01-29 21:42 - 00012430 _____ () C:\Users\John\Downloads\hijackthis1
2015-01-28 20:51 - 2015-01-28 20:51 - 00000776 _____ () C:\Users\John\Desktop\JRT.txt
2015-01-20 18:11 - 2015-01-20 18:41 - 00014248 _____ () C:\Users\John\Documents\Tax Summary 2014.xlsx
2015-01-14 22:51 - 2015-01-20 18:11 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-14 22:51 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-14 19:32 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 19:32 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 19:32 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 19:32 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 19:32 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 19:32 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 19:32 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:15 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 18:15 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 18:15 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 18:15 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:14 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 18:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:24 - 2015-01-13 14:24 - 00002435 _____ () C:\Users\John\Desktop\Microsoft Office 2010.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-07-24 21:24 - 2011-07-10 10:31 - 00000000 ____D () C:\Users\John\Downloads\Guru3D.com
2015-02-01 19:43 - 2013-01-26 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 19:42 - 2010-09-04 08:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 19:41 - 2010-05-26 15:27 - 01493600 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 18:32 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 18:32 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 18:31 - 2014-02-19 16:46 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F80B639C-2F72-4C7F-9EB5-686A1DB5385D}
2015-02-01 18:26 - 2014-12-28 11:37 - 00003424 _____ () C:\Windows\System32\Tasks\Scheduled scanning task
2015-02-01 18:26 - 2014-12-28 11:37 - 00000650 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2015-02-01 18:26 - 2014-08-24 20:10 - 00000000 ___RD () C:\Users\John\Dropbox
2015-02-01 18:25 - 2014-08-24 20:08 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
2015-02-01 18:24 - 2010-09-04 08:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 18:24 - 2010-09-01 23:26 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-02-01 18:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 21:09 - 2010-08-31 08:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-27 20:08 - 2011-02-10 22:47 - 00000000 ____D () C:\Users\John\AppData\Local\Nikon
2015-01-15 03:10 - 2013-08-14 20:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2010-09-25 10:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 14:21 - 2010-08-31 10:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-10 23:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 21:59 - 2010-11-17 13:32 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
2015-01-04 09:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-02 11:14 - 2009-07-14 00:13 - 00787374 _____ () C:\Windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Internet Services
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Iterate Items
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Jazz
2011-09-05 17:45 - 2011-10-17 17:17 - 0010752 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-05 12:35 - 2014-06-03 06:27 - 0007637 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2011-10-01 20:06 - 2011-10-01 20:06 - 0000000 _____ () C:\Users\John\AppData\Local\{0437CACC-AF19-417C-AAA6-F1F9A991F49A}
2012-01-06 22:57 - 2012-01-06 22:57 - 0000000 _____ () C:\Users\John\AppData\Local\{16F5DC2C-B194-4134-A01C-7B44DA213EBC}
2011-09-13 16:40 - 2011-09-13 16:40 - 0000000 _____ () C:\Users\John\AppData\Local\{24B2E4A7-4C67-410F-BC09-CA5D2EE752A3}
2011-08-23 16:21 - 2011-08-23 16:21 - 0000000 _____ () C:\Users\John\AppData\Local\{27417F90-5037-47E1-91B2-8A3577C29DBF}
2011-06-01 05:24 - 2011-06-01 05:24 - 0000000 _____ () C:\Users\John\AppData\Local\{4AA1BE57-D0C9-49EB-BA10-E319ED6D6246}
2011-09-18 13:11 - 2011-09-18 13:11 - 0000000 _____ () C:\Users\John\AppData\Local\{54A6FC3B-933D-49B7-AD97-69D3504994C3}
2011-06-18 09:46 - 2011-06-18 09:46 - 0000000 _____ () C:\Users\John\AppData\Local\{6818F0EB-0292-4015-AF51-40F22581D663}
2011-11-20 08:56 - 2011-11-20 08:56 - 0000000 _____ () C:\Users\John\AppData\Local\{7EB45318-20B5-4508-A7AF-D232D9BA6E2A}
2011-12-18 20:02 - 2011-12-18 20:02 - 0000000 _____ () C:\Users\John\AppData\Local\{9373FD65-C6BF-43FC-BD58-E8D193D390A1}
2011-12-26 20:21 - 2011-12-26 20:21 - 0000000 _____ () C:\Users\John\AppData\Local\{9D72C211-E3EC-4067-BBEE-C35A31692DAD}
2014-05-29 07:30 - 2014-05-29 07:30 - 0000000 _____ () C:\Users\John\AppData\Local\{9E92FCA2-027D-466A-975F-52689A8A44D2}
2011-06-04 13:48 - 2011-06-04 13:48 - 0000000 _____ () C:\Users\John\AppData\Local\{AAB950EA-58A7-454E-A2EC-FFDBEAB832C0}
2011-09-04 19:16 - 2011-09-04 19:16 - 0000000 _____ () C:\Users\John\AppData\Local\{AEE8173F-7E03-4FA9-91B0-85C46F0E73D4}
2011-11-27 09:31 - 2011-11-27 09:31 - 0000000 _____ () C:\Users\John\AppData\Local\{BAE5E04A-3ABD-4EB3-AD7D-6EBF03BBB3D9}
2011-08-25 20:30 - 2011-08-25 20:30 - 0000000 _____ () C:\Users\John\AppData\Local\{C50733FF-8870-4602-B899-C9EE68F63395}
2011-08-05 17:37 - 2011-08-05 17:37 - 0000000 _____ () C:\Users\John\AppData\Local\{CDBE16D1-DC3B-4B29-A93E-770B8CC34B1D}
2012-02-04 20:38 - 2012-02-04 20:38 - 0000000 _____ () C:\Users\John\AppData\Local\{D76ABF8A-071F-4B0F-B5AB-CA2BB9F7D688}
2011-06-02 05:30 - 2011-06-02 05:30 - 0000000 _____ () C:\Users\John\AppData\Local\{D87F1E69-08A1-405B-BECF-2BC35D6C4B3A}
2011-06-13 08:53 - 2011-06-13 08:53 - 0000000 _____ () C:\Users\John\AppData\Local\{D8918207-3175-4EAA-A497-8FEDEA799CA9}
2012-07-20 09:43 - 2012-07-20 09:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Jingles
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Kernel Extension
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Keyboard Layouts
2011-02-10 16:25 - 2011-02-10 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-02-10 16:25 - 2011-03-26 15:56 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-02-10 16:25 - 2011-03-26 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2010-05-26 15:25 - 2010-05-26 15:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-05-26 15:24 - 2010-05-26 15:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.1664.dll

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzqlm44.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-27 00:00
==================== End Of Log ============================
 

Gulfdiver

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by John at 2015-02-01 19:54:37
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATI AVIVO64 Codecs (Version: 10.12.0.41217 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D87D65E0-B704-9861-F836-5A310B41F153}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Backyard Skateboarding GOTY (HKLM-x32\...\{A85D902C-3451-44EA-8D5A-3C3B98E02EE0}) (Version: 1.00.000 - )
Best Buy Software Installer (HKLM-x32\...\Best Buy Software Installer) (Version: 2.3.0.1 - Best Buy)
Best Buy Software Installer (Version: 2.3.0.1 - Best Buy) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.1.46 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.1217.1632.29627 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CenturyLink Online Security (HKLM-x32\...\F-Secure ServiceEnabler 46680) (Version: 1.83.311.0 - F-Secure Corporation)
CenturyLink Online Security (x32 Version: 1.83.311.0 - F-Secure Corporation) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Computer Security 12.83.104.0 (release) (x32 Version: 12.83.104.0 - F-Secure Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.7 - ASUS)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Dropbox (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.2.13.38 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Federal Premium 2012 Ammunition (HKLM-x32\...\Federal Premium 2012 Ammunition) (Version: - )
F-Secure CCF Reputation (x32 Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.128 (x32 Version: 1.02.128.1 - F-Secure Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version: - Valve)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version: - Valve)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Ice Land 2 (HKLM-x32\...\Ice Land 2_is1) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kubota-PAD_V1.3 (HKLM-x32\...\{AB2D8781-B724-43D2-A68B-E8351E2382AC}) (Version: 100.000.00000 - Kubota Corp.)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LEGO Fever (HKLM-x32\...\BFG-LEGO Fever) (Version: - )
LEGO® Indiana Jones™ 2 (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM-x32\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nikon File Uploader 2 (HKLM-x32\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.0.2 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Online Safety 2.83.1346.10 (x32 Version: 2.83.1346.10 - F-Secure Corporation) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.1 - Nikon)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5978 - Realtek Semiconductor Corp.)
ROBLOX Player for John (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sound Blaster Audigy HD (HKLM-x32\...\{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}) (Version: 1.0 - Creative Technology Limited)
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.11.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Unity Web Player (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.3 - Nikon)
Visage Control Center (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\3431b9574968fe0e) (Version: 2.0.0.41 - GPSI LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
XBMC (HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\XBMC) (Version: - Team XBMC)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\propsys.dll No File
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
11-01-2015 21:10:41 Scheduled Checkpoint
14-01-2015 19:09:09 Windows Update
15-01-2015 03:00:15 Windows Update
27-01-2015 00:07:30 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02F6DD07-F958-4414-BDFC-AEF5C8CCBD3C} - System32\Tasks\{635FA8D0-9072-4A50-B18F-9039989D2F08} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z37IQAS\jv16_regcleaner.exe" -d C:\Users\John\Desktop
Task: {0392D22F-0240-4A81-9C81-496DBD946095} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {03C56058-85AD-45D3-8FFC-9D914DD3F21E} - System32\Tasks\{D958B1FD-2F8B-4451-9646-778A92969791} => Firefox.exe
Task: {0810E9C4-605E-45DF-A6CE-3D50187AFBF4} - System32\Tasks\HP AR Program Upload - 87fe26be7e2046a1b5f7bda6444a0eb917ac44c3ee664346bec320948c15e3d2 => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {0BE9CF7A-98F7-4EE8-94BA-35252AC45F05} - System32\Tasks\{93191563-8596-4520-AD54-9153C6942589} => pcalua.exe -a "C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe"
Task: {11B47FFC-0D90-4D0A-B256-4788DC8896FB} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {2413B2FA-22B6-47DC-8F5E-94B35F502720} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {29D49EFA-B056-4138-9AA4-9EEE7E43AC25} - System32\Tasks\{31618367-F425-4B92-B244-FC804F042107} => Firefox.exe
Task: {3144916C-753C-42B1-ABB8-A41A7F37ED8C} - System32\Tasks\{7A9C22BD-AC36-4FC7-9B6F-680281533181} => Firefox.exe
Task: {32712D00-E008-46F0-8C56-AFB4D1B3CA4A} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-05] (ATK)
Task: {3A861D7E-499D-4402-852D-32A1F271AD81} - System32\Tasks\{AF74B245-77B6-461D-9152-D77774DF4BA7} => pcalua.exe -a "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\uninst\unins000.exe"
Task: {537225DF-16B5-43CF-AD38-B09816C6FD3C} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fsav.exe [2013-08-14] (F-Secure Corporation)
Task: {59958C07-4634-4F3E-899F-04A02BD902AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {61F946C7-86F0-4DDA-BF1B-65DF8B662160} - System32\Tasks\{0C01FC14-E568-47E2-A040-D08209C94F0B} => pcalua.exe -a C:\Windows\system32\MSIEXEC.EXE -d C:\Windows\SysWOW64 -c /qb! /L*v C:\Users\John\AppData\Local\Temp\BB_MM.log ARPSYSTEMCOMPONENT=1 REBOOT=Suppress /I "E:\files\exec\bbinstaller\SR_MM\Roxio Media Manager.msi" TRANSFORMS="E:\files\exec\bbinstaller\SR_MM\1033.mst" INSTALLERDIR="E:\files\exec\bbinstaller\SR_MM\"
Task: {64754A07-29FA-4950-BC29-312C4C1D66CC} - System32\Tasks\{DBBF3F5A-1B9A-4450-AF50-1A4BC9B44FB5} => Firefox.exe
Task: {73041105-B9B8-4DAA-A636-AE286FF2E9FC} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {73352550-73E3-408A-9B19-27FE73B21CE1} - System32\Tasks\Core Temp Autostart John => C:\Users\John\Downloads\CoreTemp64\Core Temp.exe [2011-07-16] ()
Task: {766BE332-F7E9-485E-84C2-E48AC76A8ACD} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {7BACE2D9-A712-492E-BBC9-C17EE4187D23} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
Task: {8C07CDF7-444E-4E51-80C5-5328F9893C40} - System32\Tasks\{4CC93609-70AE-427E-8961-54F54FDC675A} => C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2014-08-07] (Mozilla Corporation)
Task: {95FA11F8-D20D-40BB-AC21-F9727E852A7B} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-05-17] (asus)
Task: {A7BCBD72-809C-450E-A6A0-97B91DEC4DBC} - System32\Tasks\Core Temp Autostart => C:\Program Files\Core Temp\Core Temp.exe
Task: {AAA5515A-39C4-4991-9E33-5D83FF709156} - System32\Tasks\HP AR Program Upload - dd819c7bbca740958c4f04bf0bf73e629da8f59bc82544b0a573830762e7d090 => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {BF6F9B81-8246-45B8-A221-488A5EC61379} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D373E86B-4C7A-4223-A939-493ED1385316} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E871F3FF-AE4E-4CCB-A040-7A993DCAC62C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {EF8ABD41-2BDA-4139-B13D-0CB7D0FD50F5} - System32\Tasks\{683B9B4F-CD96-4E0F-ACD0-F4334CC8EF5F} => pcalua.exe -a C:\Users\John\Downloads\HijackThis.exe -d C:\Users\John\Downloads
Task: {FD1AA3A6-4148-4070-8E28-E7AF52FC6D79} - System32\Tasks\{513A90BA-3DA7-4AC6-9800-F20848A98675} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8N72BEMZ\HijackThis.exe" -d C:\Users\John\Desktop
Task: {FFD921E3-FBAB-4E62-B7FB-30EA1B1C1EDA} - System32\Tasks\{FE84681F-8D46-4654-8B67-A4F457B4C110} => Firefox.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\CENTUR~1\F-SECU~1\apps\COMPUT~1\ANTI-V~1\fsav.exe
==================== Loaded Modules (whitelisted) =============
2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2008-10-01 01:02 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-04 19:43 - 2010-01-04 19:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-10-03 00:14 - 2011-07-16 11:42 - 00563728 _____ () C:\Users\John\Downloads\CoreTemp64\Core Temp.exe
2009-12-23 15:12 - 2009-12-23 15:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-18 21:11 - 2009-12-18 21:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-05-26 15:43 - 2007-11-30 13:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AFBAgent => 2
MSCONFIG\Services: Amazon Download Agent => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: Apple Computer => rundll32 "C:\Users\John\AppData\Local\ATI\Apple Computer\oytxbrpm.dll",DllRegisterServer
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ArcSoft MediaImpression Monitor => C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3536RHRV05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN238BS01C05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: RunDLLEntry => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "c:\program files (x86)\steam\steam.exe" -silent
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
========================= Accounts: ==========================
Administrator (S-1-5-21-355417517-4124742512-337856535-500 - Administrator - Disabled)
Guest (S-1-5-21-355417517-4124742512-337856535-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-355417517-4124742512-337856535-1002 - Limited - Enabled)
John (S-1-5-21-355417517-4124742512-337856535-1000 - Administrator - Enabled) => C:\Users\John
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/01/2015 07:54:44 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1 2015-02-01 19:54:43-04:00 JOHN-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11201
Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11201
Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10015
Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10015
Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017
Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9017
Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/01/2015 07:52:24 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (02/01/2015 07:48:21 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (02/01/2015 07:47:38 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (02/01/2015 06:33:00 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (02/01/2015 06:32:17 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (02/01/2015 06:31:12 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user John-PC\John (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (02/01/2015 06:29:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}
Error: (02/01/2015 06:25:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/01/2015 06:25:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1053
Error: (02/01/2015 06:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Client service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (02/01/2015 07:54:44 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1 2015-02-01 19:54:43-04:00 JOHN-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11201
Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11201
Error: (02/01/2015 06:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10015
Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10015
Error: (02/01/2015 06:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017
Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9017
Error: (02/01/2015 06:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
Date: 2011-07-10 11:33:45.883
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:45.814
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:44.676
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:44.603
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:43.527
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:43.454
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:42.376
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:42.303
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:05.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-07-10 11:33:05.046
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 36%
Total physical RAM: 8116.55 MB
Available physical RAM: 5114.74 MB
Total Pagefile: 16231.29 MB
Available Pagefile: 12341.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:306.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Removable) (Total:7.39 GB) (Free:0.01 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=446.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Thanks for the logs. Let's get cleaning ....


Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right-clicking on the FRST64.exe file and selecting "Run as Administrator...". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
 


Gulfdiver

Thread Starter
Joined
May 12, 2013
Messages
72
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by John (administrator) on JOHN-PC on 03-02-2015 23:23:16
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Users\John\Downloads\CoreTemp64\Core Temp.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\fshoster32.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Windows\AsScrPro.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\CenturyLink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSHDLL64.EXE
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (46680)] => C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2010-05-26] (ASUS)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Run: [abtieem] => regsvr32.exe /s "C:\Users\John\AppData\Local\Nikon\abtieem.dll" <===== ATTENTION
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530e3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530f3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {ef673efb-682e-11e0-a0e2-485b397be4fa} - D:\MI.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://asus.msn.com
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {0FADB9AA-6955-4319-B538-BB1461E11A28} https://secure.nsnconnect.com/main/mod/setup/beta/ntrplugin1242v_2.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} http://192.168.1.9:85/webrec.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\r12ofno8.default-1368986637823
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-355417517-4124742512-337856535-1000: @nsroblox.roblox.com/launcher -> C:\Users\John\AppData\Local\Roblox\Versions\version-c2a7e6748ad54a86\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-05-26] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-05-26] (Creative Labs) [File not signed]
R2 fshoster; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Reputation\fsorsp.exe [61176 2012-08-06] (F-Secure Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [207400 2014-11-18] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-01-15] ()
R3 fsni; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-10] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Centurylink Online Security\F-Secure Launchpad\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 23:22 - 2015-02-03 23:22 - 02131456 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-02-03 23:17 - 2015-02-03 23:17 - 00008720 _____ () C:\Users\John\Desktop\fixlist.txt
2015-02-01 19:54 - 2015-02-01 19:55 - 00042365 _____ () C:\Users\John\Desktop\Addition.txt
2015-02-01 19:52 - 2015-02-03 23:23 - 00018869 _____ () C:\Users\John\Desktop\FRST.txt
2015-02-01 19:52 - 2015-02-03 23:23 - 00000000 ____D () C:\FRST
2015-01-29 23:05 - 2015-02-03 06:02 - 00000224 _____ () C:\Windows\setupact.log
2015-01-29 23:05 - 2015-01-29 23:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 23:04 - 2015-02-03 06:02 - 00001950 _____ () C:\Windows\PFRO.log
2015-01-29 21:42 - 2015-01-29 21:42 - 00012430 _____ () C:\Users\John\Downloads\hijackthis1
2015-01-28 20:51 - 2015-01-28 20:51 - 00000776 _____ () C:\Users\John\Desktop\JRT.txt
2015-01-20 18:11 - 2015-02-03 17:17 - 00013131 _____ () C:\Users\John\Documents\Tax Summary 2014.xlsx
2015-01-14 22:51 - 2015-01-20 18:11 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-14 22:51 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-14 19:32 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 19:32 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 19:32 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 19:32 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 19:32 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 19:32 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 19:32 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:15 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 18:15 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 18:15 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 18:15 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:14 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 18:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:24 - 2015-01-13 14:24 - 00002435 _____ () C:\Users\John\Desktop\Microsoft Office 2010.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-07-24 21:24 - 2011-07-10 10:31 - 00000000 ____D () C:\Users\John\Downloads\Guru3D.com
2015-02-03 23:19 - 2010-09-04 08:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 22:43 - 2013-01-26 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 21:07 - 2014-02-19 16:46 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F80B639C-2F72-4C7F-9EB5-686A1DB5385D}
2015-02-03 17:15 - 2010-05-26 15:27 - 01588479 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 06:10 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 06:10 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 06:03 - 2014-08-24 20:10 - 00000000 ___RD () C:\Users\John\Dropbox
2015-02-03 06:03 - 2014-08-24 20:08 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
2015-02-03 06:02 - 2014-12-28 11:37 - 00000650 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2015-02-03 06:02 - 2010-09-04 08:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 06:02 - 2010-09-01 23:26 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-02-03 06:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 06:01 - 2011-02-10 22:47 - 00000000 ____D () C:\Users\John\AppData\Local\Nikon
2015-02-03 00:01 - 2014-12-28 11:37 - 00003424 _____ () C:\Windows\System32\Tasks\Scheduled scanning task
2015-01-29 21:09 - 2010-08-31 08:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 03:10 - 2013-08-14 20:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2010-09-25 10:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 14:21 - 2010-08-31 10:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-10 23:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 21:59 - 2010-11-17 13:32 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
2015-01-04 09:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Internet Services
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Iterate Items
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Jazz
2011-09-05 17:45 - 2011-10-17 17:17 - 0010752 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-05 12:35 - 2014-06-03 06:27 - 0007637 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2011-10-01 20:06 - 2011-10-01 20:06 - 0000000 _____ () C:\Users\John\AppData\Local\{0437CACC-AF19-417C-AAA6-F1F9A991F49A}
2012-01-06 22:57 - 2012-01-06 22:57 - 0000000 _____ () C:\Users\John\AppData\Local\{16F5DC2C-B194-4134-A01C-7B44DA213EBC}
2011-09-13 16:40 - 2011-09-13 16:40 - 0000000 _____ () C:\Users\John\AppData\Local\{24B2E4A7-4C67-410F-BC09-CA5D2EE752A3}
2011-08-23 16:21 - 2011-08-23 16:21 - 0000000 _____ () C:\Users\John\AppData\Local\{27417F90-5037-47E1-91B2-8A3577C29DBF}
2011-06-01 05:24 - 2011-06-01 05:24 - 0000000 _____ () C:\Users\John\AppData\Local\{4AA1BE57-D0C9-49EB-BA10-E319ED6D6246}
2011-09-18 13:11 - 2011-09-18 13:11 - 0000000 _____ () C:\Users\John\AppData\Local\{54A6FC3B-933D-49B7-AD97-69D3504994C3}
2011-06-18 09:46 - 2011-06-18 09:46 - 0000000 _____ () C:\Users\John\AppData\Local\{6818F0EB-0292-4015-AF51-40F22581D663}
2011-11-20 08:56 - 2011-11-20 08:56 - 0000000 _____ () C:\Users\John\AppData\Local\{7EB45318-20B5-4508-A7AF-D232D9BA6E2A}
2011-12-18 20:02 - 2011-12-18 20:02 - 0000000 _____ () C:\Users\John\AppData\Local\{9373FD65-C6BF-43FC-BD58-E8D193D390A1}
2011-12-26 20:21 - 2011-12-26 20:21 - 0000000 _____ () C:\Users\John\AppData\Local\{9D72C211-E3EC-4067-BBEE-C35A31692DAD}
2014-05-29 07:30 - 2014-05-29 07:30 - 0000000 _____ () C:\Users\John\AppData\Local\{9E92FCA2-027D-466A-975F-52689A8A44D2}
2011-06-04 13:48 - 2011-06-04 13:48 - 0000000 _____ () C:\Users\John\AppData\Local\{AAB950EA-58A7-454E-A2EC-FFDBEAB832C0}
2011-09-04 19:16 - 2011-09-04 19:16 - 0000000 _____ () C:\Users\John\AppData\Local\{AEE8173F-7E03-4FA9-91B0-85C46F0E73D4}
2011-11-27 09:31 - 2011-11-27 09:31 - 0000000 _____ () C:\Users\John\AppData\Local\{BAE5E04A-3ABD-4EB3-AD7D-6EBF03BBB3D9}
2011-08-25 20:30 - 2011-08-25 20:30 - 0000000 _____ () C:\Users\John\AppData\Local\{C50733FF-8870-4602-B899-C9EE68F63395}
2011-08-05 17:37 - 2011-08-05 17:37 - 0000000 _____ () C:\Users\John\AppData\Local\{CDBE16D1-DC3B-4B29-A93E-770B8CC34B1D}
2012-02-04 20:38 - 2012-02-04 20:38 - 0000000 _____ () C:\Users\John\AppData\Local\{D76ABF8A-071F-4B0F-B5AB-CA2BB9F7D688}
2011-06-02 05:30 - 2011-06-02 05:30 - 0000000 _____ () C:\Users\John\AppData\Local\{D87F1E69-08A1-405B-BECF-2BC35D6C4B3A}
2011-06-13 08:53 - 2011-06-13 08:53 - 0000000 _____ () C:\Users\John\AppData\Local\{D8918207-3175-4EAA-A497-8FEDEA799CA9}
2012-07-20 09:43 - 2012-07-20 09:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Jingles
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Kernel Extension
2011-02-10 16:25 - 2011-02-10 16:25 - 0000268 ___RH () C:\ProgramData\Keyboard Layouts
2011-02-10 16:25 - 2011-02-10 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-02-10 16:25 - 2011-03-26 15:56 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-02-10 16:25 - 2011-03-26 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2010-05-26 15:25 - 2010-05-26 15:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-05-26 15:24 - 2010-05-26 15:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.1664.dll

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpde5cf3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
 

Gulfdiver

Thread Starter
Joined
May 12, 2013
Messages
72
In the interim my CenturyLink security popped up and stated a virus trojan removal removed an unwanted program and it has been running better since....
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right-clicking on the FRST64.exe file and selecting "Run as Administrator". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
 


Gulfdiver

Thread Starter
Joined
May 12, 2013
Messages
72
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by John at 2015-02-05 18:19:09 Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\Run: [abtieem] => regsvr32.exe /s "C:\Users\John\AppData\Local\Nikon\abtieem.dll" <===== ATTENTION
C:\Users\John\AppData\Local\Nikon\abtieem.dll"
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530e3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {31e530f3-e27e-11df-a350-485b397be4fa} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-355417517-4124742512-337856535-1000\...\MountPoints2: {ef673efb-682e-11e0-a0e2-485b397be4fa} - D:\MI.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-355417517-4124742512-337856535-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker.com/WebResource...30999680000000
DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} http://192.168.1.9:85/webrec.cab
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - No Path
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
R3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
2015-01-14 22:51 - 2015-01-20 18:11 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-14 22:51 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2011-09-05 17:45 - 2011-10-17 17:17 - 0010752 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-01 20:06 - 2011-10-01 20:06 - 0000000 _____ () C:\Users\John\AppData\Local\{0437CACC-AF19-417C-AAA6-F1F9A991F49A}
2012-01-06 22:57 - 2012-01-06 22:57 - 0000000 _____ () C:\Users\John\AppData\Local\{16F5DC2C-B194-4134-A01C-7B44DA213EBC}
2011-09-13 16:40 - 2011-09-13 16:40 - 0000000 _____ () C:\Users\John\AppData\Local\{24B2E4A7-4C67-410F-BC09-CA5D2EE752A3}
2011-08-23 16:21 - 2011-08-23 16:21 - 0000000 _____ () C:\Users\John\AppData\Local\{27417F90-5037-47E1-91B2-8A3577C29DBF}
2011-06-01 05:24 - 2011-06-01 05:24 - 0000000 _____ () C:\Users\John\AppData\Local\{4AA1BE57-D0C9-49EB-BA10-E319ED6D6246}
2011-09-18 13:11 - 2011-09-18 13:11 - 0000000 _____ () C:\Users\John\AppData\Local\{54A6FC3B-933D-49B7-AD97-69D3504994C3}
2011-06-18 09:46 - 2011-06-18 09:46 - 0000000 _____ () C:\Users\John\AppData\Local\{6818F0EB-0292-4015-AF51-40F22581D663}
2011-11-20 08:56 - 2011-11-20 08:56 - 0000000 _____ () C:\Users\John\AppData\Local\{7EB45318-20B5-4508-A7AF-D232D9BA6E2A}
2011-12-18 20:02 - 2011-12-18 20:02 - 0000000 _____ () C:\Users\John\AppData\Local\{9373FD65-C6BF-43FC-BD58-E8D193D390A1}
2011-12-26 20:21 - 2011-12-26 20:21 - 0000000 _____ () C:\Users\John\AppData\Local\{9D72C211-E3EC-4067-BBEE-C35A31692DAD}
2014-05-29 07:30 - 2014-05-29 07:30 - 0000000 _____ () C:\Users\John\AppData\Local\{9E92FCA2-027D-466A-975F-52689A8A44D2}
2011-06-04 13:48 - 2011-06-04 13:48 - 0000000 _____ () C:\Users\John\AppData\Local\{AAB950EA-58A7-454E-A2EC-FFDBEAB832C0}
2011-09-04 19:16 - 2011-09-04 19:16 - 0000000 _____ () C:\Users\John\AppData\Local\{AEE8173F-7E03-4FA9-91B0-85C46F0E73D4}
2011-11-27 09:31 - 2011-11-27 09:31 - 0000000 _____ () C:\Users\John\AppData\Local\{BAE5E04A-3ABD-4EB3-AD7D-6EBF03BBB3D9}
2011-08-25 20:30 - 2011-08-25 20:30 - 0000000 _____ () C:\Users\John\AppData\Local\{C50733FF-8870-4602-B899-C9EE68F63395}
2011-08-05 17:37 - 2011-08-05 17:37 - 0000000 _____ () C:\Users\John\AppData\Local\{CDBE16D1-DC3B-4B29-A93E-770B8CC34B1D}
2012-02-04 20:38 - 2012-02-04 20:38 - 0000000 _____ () C:\Users\John\AppData\Local\{D76ABF8A-071F-4B0F-B5AB-CA2BB9F7D688}
2011-06-02 05:30 - 2011-06-02 05:30 - 0000000 _____ () C:\Users\John\AppData\Local\{D87F1E69-08A1-405B-BECF-2BC35D6C4B3A}
2011-06-13 08:53 - 2011-06-13 08:53 - 0000000 _____ () C:\Users\John\AppData\Local\{D8918207-3175-4EAA-A497-8FEDEA799CA9}
2011-02-10 16:25 - 2011-02-10 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-02-10 16:25 - 2011-03-26 15:56 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-02-10 16:25 - 2011-03-26 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2010-05-26 15:25 - 2010-05-26 15:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-05-26 15:24 - 2010-05-26 15:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\Users\Public\AlexaNSISPlugin.1664.dll
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\propsys.dll No File
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\propsys.dll
Task: {02F6DD07-F958-4414-BDFC-AEF5C8CCBD3C} - System32\Tasks\{635FA8D0-9072-4A50-B18F-9039989D2F08} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z37IQAS\jv16_regcleaner.exe" -d C:\Users\John\Desktop
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z37IQAS\jv16_regcleaner.exe
Task: {0BE9CF7A-98F7-4EE8-94BA-35252AC45F05} - System32\Tasks\{93191563-8596-4520-AD54-9153C6942589} => pcalua.exe -a "C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe"
C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe
Task: {29D49EFA-B056-4138-9AA4-9EEE7E43AC25} - System32\Tasks\{31618367-F425-4B92-B244-FC804F042107} => Firefox.exe
Task: {3144916C-753C-42B1-ABB8-A41A7F37ED8C} - System32\Tasks\{7A9C22BD-AC36-4FC7-9B6F-680281533181} => Firefox.exe
Task: {3A861D7E-499D-4402-852D-32A1F271AD81} - System32\Tasks\{AF74B245-77B6-461D-9152-D77774DF4BA7} => pcalua.exe -a "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\uninst\unins000.exe"
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\uninst\unins000.exe
Task: {61F946C7-86F0-4DDA-BF1B-65DF8B662160} - System32\Tasks\{0C01FC14-E568-47E2-A040-D08209C94F0B} => pcalua.exe -a C:\Windows\system32\MSIEXEC.EXE -d C:\Windows\SysWOW64 -c /qb! /L*v C:\Users\John\AppData\Local\Temp\BB_MM.log ARPSYSTEMCOMPONENT=1 REBOOT=Suppress /I "E:\files\exec\bbinstaller\SR_MM\Roxio Media Manager.msi" TRANSFORMS="E:\files\exec\bbinstaller\SR_MM\1033.mst" INSTALLERDIR="E:\files\exec\bbinstaller\SR_MM\"
Task: {64754A07-29FA-4950-BC29-312C4C1D66CC} - System32\Tasks\{DBBF3F5A-1B9A-4450-AF50-1A4BC9B44FB5} => Firefox.exe
Task: {73352550-73E3-408A-9B19-27FE73B21CE1} - System32\Tasks\Core Temp Autostart John => C:\Users\John\Downloads\CoreTemp64\Core Temp.exe [2011-07-16] ()
Task: {EF8ABD41-2BDA-4139-B13D-0CB7D0FD50F5} - System32\Tasks\{683B9B4F-CD96-4E0F-ACD0-F4334CC8EF5F} => pcalua.exe -a C:\Users\John\Downloads\HijackThis.exe -d C:\Users\John\Downloads
Task: {FD1AA3A6-4148-4070-8E28-E7AF52FC6D79} - System32\Tasks\{513A90BA-3DA7-4AC6-9800-F20848A98675} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8N72BEMZ\HijackThis.exe" -d C:\Users\John\Desktop
Task: {FFD921E3-FBAB-4E62-B7FB-30EA1B1C1EDA} - System32\Tasks\{FE84681F-8D46-4654-8B67-A4F457B4C110} => Firefox.exe
CMD: bitsadmin /reset /allusers
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Windows\CurrentVersion\Run\\abtieem => value deleted successfully.
"C:\Users\John\AppData\Local\Nikon\abtieem.dll" => File/Directory not found.
"HKU\S-1-5-21-355417517-4124742512-337856535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => Key deleted successfully.
"HKU\S-1-5-21-355417517-4124742512-337856535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31e530e3-e27e-11df-a350-485b397be4fa}" => Key deleted successfully.
HKCR\CLSID\{31e530e3-e27e-11df-a350-485b397be4fa} => Key not found.
"HKU\S-1-5-21-355417517-4124742512-337856535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31e530f3-e27e-11df-a350-485b397be4fa}" => Key deleted successfully.
HKCR\CLSID\{31e530f3-e27e-11df-a350-485b397be4fa} => Key not found.
"HKU\S-1-5-21-355417517-4124742512-337856535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef673efb-682e-11e0-a0e2-485b397be4fa}" => Key deleted successfully.
HKCR\CLSID\{ef673efb-682e-11e0-a0e2-485b397be4fa} => Key not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk => Moved successfully.
C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found.
C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKU\S-1-5-21-355417517-4124742512-337856535-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{EDD8DF0B-A160-45DF-A26E-67C390A57B18}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{EDD8DF0B-A160-45DF-A26E-67C390A57B18}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb" => Key deleted successfully.
RoxLiveShare9 => Service deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
RimUsb => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\John\AppData\Local\{0437CACC-AF19-417C-AAA6-F1F9A991F49A} => Moved successfully.
C:\Users\John\AppData\Local\{16F5DC2C-B194-4134-A01C-7B44DA213EBC} => Moved successfully.
C:\Users\John\AppData\Local\{24B2E4A7-4C67-410F-BC09-CA5D2EE752A3} => Moved successfully.
C:\Users\John\AppData\Local\{27417F90-5037-47E1-91B2-8A3577C29DBF} => Moved successfully.
C:\Users\John\AppData\Local\{4AA1BE57-D0C9-49EB-BA10-E319ED6D6246} => Moved successfully.
C:\Users\John\AppData\Local\{54A6FC3B-933D-49B7-AD97-69D3504994C3} => Moved successfully.
C:\Users\John\AppData\Local\{6818F0EB-0292-4015-AF51-40F22581D663} => Moved successfully.
C:\Users\John\AppData\Local\{7EB45318-20B5-4508-A7AF-D232D9BA6E2A} => Moved successfully.
C:\Users\John\AppData\Local\{9373FD65-C6BF-43FC-BD58-E8D193D390A1} => Moved successfully.
C:\Users\John\AppData\Local\{9D72C211-E3EC-4067-BBEE-C35A31692DAD} => Moved successfully.
C:\Users\John\AppData\Local\{9E92FCA2-027D-466A-975F-52689A8A44D2} => Moved successfully.
C:\Users\John\AppData\Local\{AAB950EA-58A7-454E-A2EC-FFDBEAB832C0} => Moved successfully.
C:\Users\John\AppData\Local\{AEE8173F-7E03-4FA9-91B0-85C46F0E73D4} => Moved successfully.
C:\Users\John\AppData\Local\{BAE5E04A-3ABD-4EB3-AD7D-6EBF03BBB3D9} => Moved successfully.
C:\Users\John\AppData\Local\{C50733FF-8870-4602-B899-C9EE68F63395} => Moved successfully.
C:\Users\John\AppData\Local\{CDBE16D1-DC3B-4B29-A93E-770B8CC34B1D} => Moved successfully.
C:\Users\John\AppData\Local\{D76ABF8A-071F-4B0F-B5AB-CA2BB9F7D688} => Moved successfully.
C:\Users\John\AppData\Local\{D87F1E69-08A1-405B-BECF-2BC35D6C4B3A} => Moved successfully.
C:\Users\John\AppData\Local\{D8918207-3175-4EAA-A497-8FEDEA799CA9} => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => Moved successfully.
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.1664.dll => Moved successfully.
"HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}" => Key deleted successfully.
"HKU\S-1-5-21-355417517-4124742512-337856535-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => Key deleted successfully.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\propsys.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02F6DD07-F958-4414-BDFC-AEF5C8CCBD3C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02F6DD07-F958-4414-BDFC-AEF5C8CCBD3C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{635FA8D0-9072-4A50-B18F-9039989D2F08} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{635FA8D0-9072-4A50-B18F-9039989D2F08}" => Key deleted successfully.
"C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z37IQAS\jv16_regcleaner.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BE9CF7A-98F7-4EE8-94BA-35252AC45F05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BE9CF7A-98F7-4EE8-94BA-35252AC45F05}" => Key deleted successfully.
C:\Windows\System32\Tasks\{93191563-8596-4520-AD54-9153C6942589} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93191563-8596-4520-AD54-9153C6942589}" => Key deleted successfully.
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29D49EFA-B056-4138-9AA4-9EEE7E43AC25}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29D49EFA-B056-4138-9AA4-9EEE7E43AC25}" => Key deleted successfully.
C:\Windows\System32\Tasks\{31618367-F425-4B92-B244-FC804F042107} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31618367-F425-4B92-B244-FC804F042107}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3144916C-753C-42B1-ABB8-A41A7F37ED8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3144916C-753C-42B1-ABB8-A41A7F37ED8C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7A9C22BD-AC36-4FC7-9B6F-680281533181} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A9C22BD-AC36-4FC7-9B6F-680281533181}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A861D7E-499D-4402-852D-32A1F271AD81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A861D7E-499D-4402-852D-32A1F271AD81}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AF74B245-77B6-461D-9152-D77774DF4BA7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF74B245-77B6-461D-9152-D77774DF4BA7}" => Key deleted successfully.
"C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\uninst\unins000.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61F946C7-86F0-4DDA-BF1B-65DF8B662160}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F946C7-86F0-4DDA-BF1B-65DF8B662160}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0C01FC14-E568-47E2-A040-D08209C94F0B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C01FC14-E568-47E2-A040-D08209C94F0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64754A07-29FA-4950-BC29-312C4C1D66CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64754A07-29FA-4950-BC29-312C4C1D66CC}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DBBF3F5A-1B9A-4450-AF50-1A4BC9B44FB5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBBF3F5A-1B9A-4450-AF50-1A4BC9B44FB5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73352550-73E3-408A-9B19-27FE73B21CE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73352550-73E3-408A-9B19-27FE73B21CE1}" => Key deleted successfully.
C:\Windows\System32\Tasks\Core Temp Autostart John => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Core Temp Autostart John" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF8ABD41-2BDA-4139-B13D-0CB7D0FD50F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF8ABD41-2BDA-4139-B13D-0CB7D0FD50F5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{683B9B4F-CD96-4E0F-ACD0-F4334CC8EF5F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{683B9B4F-CD96-4E0F-ACD0-F4334CC8EF5F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD1AA3A6-4148-4070-8E28-E7AF52FC6D79}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD1AA3A6-4148-4070-8E28-E7AF52FC6D79}" => Key deleted successfully.
C:\Windows\System32\Tasks\{513A90BA-3DA7-4AC6-9800-F20848A98675} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{513A90BA-3DA7-4AC6-9800-F20848A98675}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFD921E3-FBAB-4E62-B7FB-30EA1B1C1EDA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFD921E3-FBAB-4E62-B7FB-30EA1B1C1EDA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FE84681F-8D46-4654-8B67-A4F457B4C110} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE84681F-8D46-4654-8B67-A4F457B4C110}" => Key deleted successfully.
========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {8CAD9482-6C05-4DB7-80C3-E241C2F2F4DD}.
60 out of 61 jobs canceled.
========= End of CMD: =========


The system needed a reboot.
==== End of Fixlog 18:19:50 ====
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
First, how is your system running now?

Next, scan with AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  1. Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  2. Click the Scan button and wait for the scan to finish.
  3. After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  4. Click the Clean button.
  5. Everything checked will be deleted.
  6. When the program has finished cleaning a report appears.
  7. Once done it will ask to reboot; allow this.

  8. On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Finally, install and scan with Malwarebytes' Anti-Malware

Please download the latest version of Malwarebytes' Anti-Malware from here.

Double Click on the mbam-setup.exe file to install the application.

Do not check on the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.


Once the program has loaded and updated, select "Scan Now >>" to start the scan.


The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.


Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please attach the report file to a post here; I will review the file and script what needs to be removed.
 

Gulfdiver

Thread Starter
Joined
May 12, 2013
Messages
72
# AdwCleaner v4.110 - Logfile created 07/02/2015 at 08:06:03
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>erride;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;
<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v29.0.1 (en-US)

-\\ Google Chrome v

*************************
AdwCleaner[R0].txt - [6410 bytes] - [01/12/2013 10:05:59]
AdwCleaner[R1].txt - [1018 bytes] - [01/12/2013 13:47:41]
AdwCleaner[R2].txt - [2537 bytes] - [21/09/2014 10:34:43]
AdwCleaner[R3].txt - [1713 bytes] - [28/12/2014 11:24:41]
AdwCleaner[R4].txt - [3418 bytes] - [07/02/2015 07:50:32]
AdwCleaner[R5].txt - [3477 bytes] - [07/02/2015 07:58:05]
AdwCleaner[S0].txt - [6221 bytes] - [01/12/2013 10:09:48]
AdwCleaner[S1].txt - [1080 bytes] - [01/12/2013 13:48:26]
AdwCleaner[S2].txt - [2573 bytes] - [21/09/2014 10:36:40]
AdwCleaner[S3].txt - [1673 bytes] - [28/12/2014 11:35:00]
AdwCleaner[S4].txt - [3406 bytes] - [07/02/2015 08:06:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3465 bytes] ##########
 

Gulfdiver

Thread Starter
Joined
May 12, 2013
Messages
72
There is no download link working on MWB. I get a 404 error page not found?
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Hold off on the Malwarebytes scan for a bit. Move on to this scan please >>>


This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it. It just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).



For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.



Double click on the icon on your desktop.



Check (accept) the Terms of Use.



Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start




ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.






When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.



At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).



Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.



Attach the saved log file in your next reply please. Thanks.
 