
BNVDSR.com and others


  • This topic is locked
13 replies to this topic

#1 packbacker83

packbacker83

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 04 September 2014 - 08:43 PM

My pc is running ok but chrome browser has become very annoying.  If I stay on any website more than a minute, an advertisement opens in a video in the bottom right corner of the screen.  Also, about every 10th click or so a new window opens and the url is bnvdrs.com and it redirects to an advertisement related to my original destination.  Can anyone help?


Edited by packbacker83, 04 September 2014 - 08:53 PM.



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:24 PM

Posted 05 September 2014 - 02:39 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 05 September 2014 - 09:33 AM

Thanks for helping.

 

Here is addition.txt ...

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02

Ran by Owner at 2014-09-05 10:30:16

Running from C:\Users\Owner\Desktop\Bleeping

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

Ailt TIFF TIF to PPT PPTX Converter 6.1 (HKLM-x32\...\Ailt TIFF TIF to PPT PPTX Converter_is1) (Version:  - Ailtware,Inc.)

Audiggle version 3.0.0.2 (HKLM-x32\...\{FCAD9ED0-C00F-45FA-91DB-F89140EFAB3A}_is1) (Version: 3.0.0.2 - Audiggle LTD)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)

AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden

AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.2.101 - AVG Technologies)

Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)

BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32550 - BitTorrent Inc.)

CarbonPoker (HKCU\...\CarbonPoker) (Version: 6.0 - )

CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)

Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden

Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)

Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden

Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden

Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)

DIRECTV Player (HKLM-x32\...\{a1bb9be6-729f-4049-a36a-aad335c86c01}) (Version: 9.2 - DIRECTV)

DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden

DRoster (HKLM-x32\...\DRosterByKappix_is1) (Version:  - Kappix, Inc.)

DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)

EaseUS Data Recovery Wizard 7.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.0_is1) (Version:  - EaseUS)

EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Excel Password Recovery Lastic 1.1 (HKLM-x32\...\Excel Password Recovery Lastic_is1) (Version:  - )

Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)

FlyMusic (HKCU\...\df3d9512998b9acb) (Version: 1.0.0.8 - Luong Hoang)

Free Audio Converter version 5.0.39.430 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.39.430 - DVDVideoSoft Ltd.)

Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.12.925 - DVDVideoSoft Ltd.)

Gamers Unite! Snag Bar (HKCU\...\Gamers Unite! Snag Bar) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)

Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.600 - Oracle)

Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden

Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)

MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.41 - DJI Interprises, LLC)

Nitro Pro 9 (HKLM-x32\...\{60509e25-e3ff-47b9-8275-dbb2127487c9}) (Version: 9.0.5.9 - Nitro)

Nitro Pro 9 (Version: 9.0.5.9 - Nitro) Hidden

Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)

O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{1B63EC30-5A9F-449D-BBCA-8DA4214FBFA9}) (Version: 2.0.26.D - O2Micro International LTD.)

O2Micro Flash Memory Card Windows Driver (Version: 2.0.26.D - O2Micro International LTD.) Hidden

Okdo Gif Tif to PowerPoint Converter 4.9 (HKLM-x32\...\Okdo Gif Tif to PowerPoint Converter_is1) (Version:  - Okdo Software, Inc.)

Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

Passware Kit Basic Demo 13.3 (32-bit) (HKLM-x32\...\{8FA9E41F-E146-46FF-8236-61BFE239F8B9}) (Version: 13.3.8047 - Passware)

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version:  - )

PostgreSQL 9.3  (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)

PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)

QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden

Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)

Roxio Creator Premier 10 (x32 Version: 10.2.606 - Roxio) Hidden

Search Protection (HKCU\...\Search Protection) (Version: 9.7.0.4 - Spigot, Inc.) <==== ATTENTION

Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden

Sendori (HKLM-x32\...\Sendori) (Version: 2.0.17 - Sendori, Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

ShiftPlanning (HKLM-x32\...\{2275C691-2597-4A85-B24A-7CB43416DB25}) (Version: 2.0.0 - None provided)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Snap Schedule 2013 (HKLM-x32\...\Snap Schedule 2013) (Version: 5.0.4.0 - Business Management Systems, Inc.)

Snap Schedule 2013 (x32 Version: 5.0.4.1 - Business Management Systems, Inc.) Hidden

SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )

Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.3.0 - Synaptics Incorporated)

Tag&Rename 3.7.5 beta 1 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7.5 beta 1 - Softpointer Inc)

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1925 - Intuit Inc.) Hidden

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0433 - Intuit Inc.) Hidden

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden

TurboTax 2012 wnciper (x32 Version: 012.000.1276 - Intuit Inc.) Hidden

TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden

TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden

TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden

TurboTax 2013 wnciper (x32 Version: 013.000.1266 - Intuit Inc.) Hidden

TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3701043139-4236647081-2378084655-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3701043139-4236647081-2378084655-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3701043139-4236647081-2378084655-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3701043139-4236647081-2378084655-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

05-09-2014 04:30:55 Scheduled Checkpoint

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0F79A8A9-1EE6-45CD-B150-820A88E8F783} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe

Task: {15CA5B62-1812-441E-B630-DCEBA46A506C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

Task: {696E4C7E-4AFB-477A-954D-6AB03B7A8974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)

Task: {7AD6BFFF-78D4-4448-9BC6-6B3A149C0AE2} - System32\Tasks\HP AR Program Upload - bb82975ee7194b3980cebb094439b28265c592a90da942458019f227ac44115c => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {82E445F4-E8D1-4D6B-B29E-FBA1E77DBD3A} - System32\Tasks\HP AR Program Upload - 9d379e16ef4944a0b29e69361d18b280d99523d5b5634f3b85cd3318c2827e51 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {A1CE7B56-C835-4104-99F9-C9FF493C9176} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)

Task: {A55EAAD5-708B-4EEF-B615-CC00E801C155} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {AC1284D1-95B8-4F29-B207-7087F504C146} - System32\Tasks\HP AR Program Upload - 853f5e690fbc419cb77909e403a080362fa602f1d0344b42a537fc2b61a467ed => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {B793CC7D-75E8-4989-ACD4-C0977B1D92F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)

Task: {D39395E0-77E0-46A4-9B5C-C99A49914233} - System32\Tasks\HP AR Program Upload - 590a48656627473eb57db018fb3060c35486061974624ecfb5e437dea4682a08 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {E48A5DC7-BC6B-439D-AABC-5FCF6C81B802} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {F4EB126A-6DA4-4EF9-8CAC-AE2C40C8DCB1} - System32\Tasks\HP AR Program Upload - 1a3348ff67194f70965902aa8c9a21aaf66f9bbd6bb544389720cdc772a51feb => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-04-05 01:17 - 2014-03-30 19:29 - 00177664 _____ () C:\Program Files\PostgreSQL\bin\LIBPQ.dll

2014-04-05 01:18 - 2014-02-05 05:16 - 01336832 _____ () C:\Program Files\PostgreSQL\bin\libxml2.dll

2013-11-17 12:44 - 2013-11-17 12:44 - 07877480 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

2014-05-14 12:45 - 2014-05-14 12:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll

2013-11-17 12:45 - 2013-11-17 12:45 - 00332128 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\ndsLogStore.dll

2013-11-17 12:44 - 2013-11-17 12:44 - 03094880 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\DrmSingleton.dll

2013-11-17 12:44 - 2013-11-17 12:44 - 02157928 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\DiscoveryManager.dll

2013-11-17 12:44 - 2013-11-17 12:44 - 07554400 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\gsttspplugin.dll

2013-11-17 12:45 - 2013-11-17 12:45 - 00689000 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll

2013-11-17 12:45 - 2013-11-17 12:45 - 01403224 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\libxml2-2.dll

2013-11-17 12:45 - 2013-11-17 12:45 - 00091976 _____ () C:\Users\Owner\AppData\Local\DIRECTV Player\z.dll

2014-09-03 13:08 - 2014-08-29 22:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll

2014-09-03 13:08 - 2014-08-29 22:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll

2014-09-03 13:08 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll

2014-09-03 13:08 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll

2014-09-03 13:08 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

2014-09-03 13:08 - 2014-08-29 22:49 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Windows:nlsPreferences

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/05/2014 00:26:11 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (09/02/2014 00:44:23 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (08/31/2014 02:56:41 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (08/30/2014 11:51:30 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (08/30/2014 00:27:00 AM) (Source: MsiInstaller) (EventID: 11706) (User: Owner-PC)

Description: Product: Roxio CinePlayer Decoder Pack -- Error 1706. An installation package for the product Roxio CinePlayer Decoder Pack cannot be found. Try the installation again using a valid copy of the installation package 'CPDP.msi'.

 

Error: (08/29/2014 09:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (08/29/2014 09:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (08/29/2014 09:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (08/29/2014 06:01:47 AM) (Source: System Restore) (EventID: 8211) (User: )

Description: The scheduled restore point could not be created.  Additional information: (0x80070070).

 

Error: (08/29/2014 06:01:47 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).

 

 

System errors:

=============

Error: (09/05/2014 09:09:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (09/05/2014 05:08:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (09/05/2014 01:07:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (09/04/2014 09:06:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SessionLauncher service failed to start due to the following error: 

%%2

 

Error: (09/04/2014 09:06:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

 

Error: (09/04/2014 09:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Service Sendori service failed to start due to the following error: 

%%109

 

Error: (09/04/2014 09:03:02 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

 

Error: (09/04/2014 09:02:52 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}

 

Error: (09/04/2014 09:02:45 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

 

Error: (09/04/2014 09:02:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

 

Microsoft Office Sessions:

=========================

Error: (09/05/2014 00:26:11 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (09/02/2014 00:44:23 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (08/31/2014 02:56:41 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (08/30/2014 11:51:30 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (08/30/2014 00:27:00 AM) (Source: MsiInstaller) (EventID: 11706) (User: Owner-PC)

Description: Product: Roxio CinePlayer Decoder Pack -- Error 1706. An installation package for the product Roxio CinePlayer Decoder Pack cannot be found. Try the installation again using a valid copy of the installation package 'CPDP.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (08/29/2014 09:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe

 

Error: (08/29/2014 09:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Downloads\esetsmartinstaller_enu (2).exe

 

Error: (08/29/2014 09:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

 

Error: (08/29/2014 06:01:47 AM) (Source: System Restore) (EventID: 8211) (User: )

Description: 0x80070070

 

Error: (08/29/2014 06:01:47 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070070

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-01-25 11:24:37.744

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-25 11:24:37.697

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-25 11:24:33.236

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-25 11:24:33.204

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz

Percentage of memory in use: 39%

Total physical RAM: 3764.54 MB

Available physical RAM: 2264.16 MB

Total Pagefile: 7527.27 MB

Available Pagefile: 5015.2 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:15.73 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1A9F0BFB)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Here is frst.txt ...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02

Ran by Owner (administrator) on OWNER-PC on 05-09-2014 10:28:59

Running from C:\Users\Owner\Desktop\Bleeping

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(O2Micro International) C:\Windows\System32\drivers\o2flash.exe

(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\pg_ctl.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe

(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe

(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe

(NDS Technologies) C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

(S p i g o t, I n c.) C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe

() C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)

HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)

HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)

HKLM-x32\...\Run: [Sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-05-07] (Sendori, Inc.)

HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [PCShowServer] => C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-11-17] (NDS Technologies)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [SearchProtection] => C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE [1109352 2014-08-22] (S p i g o t, I n c.)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-28] (Spotify Ltd)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-28] (Spotify Ltd)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\MountPoints2: {a627f0fc-1592-11e4-a29a-0026b9dbb059} - E:\VZW_Software_upgrade_assistant.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9D47C9E615FBCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {02A5922A-3656-4515-82B3-35DA5112A345} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}

SearchScopes: HKCU - {02A5922A-3656-4515-82B3-35DA5112A345} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default

FF DefaultSearchEngine: Yahoo!

FF SelectedSearchEngine: Yahoo!

FF Homepage: https://search.yahoo.com/?type=282369&fr=spigot-yhp-ff

FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default\searchplugins\yahoo_ff.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn

FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-09-04]

Chrome:
=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "https://www.google.com/"

CHR DefaultSearchKeyword: Default -> ask

CHR DefaultSearchProvider: Default -> Norton Safe Search

CHR DefaultSearchURL: Default -> http://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

CHR DefaultSuggestURL: Default -> 

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-25]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-25]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-25]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-25]

CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-29]

CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]

CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-10]

CHR Extension: (Gamers Unite! Snag Bar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg [2013-01-25]

CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-08-11]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Norton Security Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-03-16]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-25]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-10-10]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2014-05-07] (Sendori, Inc.)

S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]

R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)

R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software)

R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]

R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\bin\pg_ctl.exe [89088 2014-03-30] (PostgreSQL Global Development Group) [File not signed]

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2014-05-07] (sendori)

R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2014-05-07] (Sendori)

S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2013-01-25] (Creative Labs) [File not signed]

S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-10] (AVG Technologies)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-26] (Duplex Secure Ltd.)

U3 afrmjejk; C:\Windows\System32\Drivers\afrmjejk.sys [0 ] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 08:14 - 2014-09-01 08:14 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 590a48656627473eb57db018fb3060c35486061974624ecfb5e437dea4682a08

2014-08-29 20:54 - 2014-08-29 20:56 - 00000000 ____D () C:\Users\Owner\Downloads\0000011 Fitness

2014-08-29 20:41 - 2014-08-29 23:55 - 00000000 ____D () C:\Users\Owner\Downloads\0000007 Books

2014-08-29 20:41 - 2014-08-29 21:17 - 00000000 ____D () C:\Users\Owner\Downloads\0000008 Poker

2014-08-29 20:40 - 2014-08-29 21:18 - 00000000 ____D () C:\Users\Owner\Downloads\0000006 Hill

2014-08-29 20:39 - 2014-08-29 23:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000005 Christian

2014-08-27 14:34 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-27 14:34 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-27 14:34 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-23 05:55 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-23 05:55 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-23 05:55 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-23 05:55 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-23 05:54 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-23 05:54 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-23 05:54 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-23 05:54 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-23 05:54 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-23 05:54 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-23 05:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-23 05:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-23 05:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-23 05:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-08-15 04:05 - 2014-08-15 04:05 - 00000000 _____ () C:\Windows\SysWOW64\shoA18C.tmp

2014-08-15 03:04 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-15 03:04 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-15 03:04 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-15 03:04 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-15 03:04 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-15 03:04 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-15 03:03 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-15 03:03 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-14 23:53 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-14 23:53 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-14 23:53 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-14 23:53 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-14 23:53 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-14 23:53 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-14 23:53 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-14 23:53 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-14 23:53 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-14 23:53 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-14 23:53 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-14 23:53 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-14 23:52 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-14 23:52 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-14 23:52 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-14 23:52 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-14 23:52 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-14 23:52 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-14 23:52 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-14 23:52 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-14 23:52 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-14 23:52 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-14 23:52 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-14 23:52 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-14 23:52 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-14 23:52 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-14 23:52 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-14 23:52 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-14 23:52 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-14 23:52 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-14 23:52 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-14 23:52 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-14 23:52 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-14 23:52 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-14 23:52 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-14 23:52 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-14 23:52 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-14 23:52 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-14 23:52 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-14 23:52 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-14 23:52 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-14 23:52 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-14 23:52 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-14 23:52 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-14 23:52 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-14 23:52 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-14 23:52 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-14 23:52 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-14 23:52 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-14 23:52 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-14 23:52 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-14 23:52 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-14 23:52 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-14 23:52 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-14 23:52 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-14 23:52 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-14 23:52 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-14 23:52 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-14 23:52 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-14 23:52 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-14 23:52 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-14 23:52 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-14 23:52 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-14 23:51 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-14 23:51 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-14 23:51 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-14 23:51 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-14 23:51 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-14 23:51 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-14 23:51 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-14 23:51 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-14 23:50 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-14 23:50 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-14 23:50 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-14 23:50 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 22:29 - 2014-08-12 22:29 - 00032256 _____ () C:\Users\Owner\Downloads\Actual Hours Worked 080314 to 080914.xls

2014-08-12 22:17 - 2014-08-12 22:17 - 13258240 _____ () C:\Users\Owner\Downloads\NC BLANK MATRIX THROUGH 2016.xls

2014-08-12 09:48 - 2014-08-12 09:48 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 1a3348ff67194f70965902aa8c9a21aaf66f9bbd6bb544389720cdc772a51feb

2014-08-09 21:09 - 2014-08-09 21:09 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 9d379e16ef4944a0b29e69361d18b280d99523d5b5634f3b85cd3318c2827e51

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 10:29 - 2014-02-22 03:19 - 00000000 ____D () C:\FRST

2014-09-05 10:28 - 2014-02-22 03:18 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping

2014-09-05 10:18 - 2014-02-17 23:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-05 10:04 - 2013-01-25 19:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-05 09:41 - 2014-03-16 19:24 - 00000000 ____D () C:\ProgramData\MFAData

2014-09-05 08:46 - 2014-07-29 21:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Spotify

2014-09-05 06:03 - 2013-01-25 19:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-05 03:00 - 2013-01-23 16:07 - 01465496 _____ () C:\Windows\WindowsUpdate.log

2014-09-04 21:15 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-04 21:15 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-04 21:06 - 2014-02-23 17:18 - 00477342 _____ () C:\Windows\PFRO.log

2014-09-04 21:06 - 2014-02-20 23:46 - 00007398 _____ () C:\Windows\setupact.log

2014-09-04 21:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-03 07:01 - 2014-01-09 22:24 - 00000000 ____D () C:\Users\Owner\Desktop\entertainer

2014-09-01 08:14 - 2014-09-01 08:14 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 590a48656627473eb57db018fb3060c35486061974624ecfb5e437dea4682a08

2014-08-31 14:13 - 2013-04-05 20:47 - 00000000 ____D () C:\Users\postgres

2014-08-30 20:14 - 2013-05-06 20:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9895B688-BF59-452B-B4E9-1EF074C27458}

2014-08-30 00:31 - 2014-07-24 20:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent

2014-08-30 00:29 - 2013-05-17 06:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc

2014-08-30 00:03 - 2013-01-27 20:14 - 00000000 ____D () C:\Users\Owner\Documents\Newsbin

2014-08-29 23:55 - 2014-08-29 20:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000007 Books

2014-08-29 23:41 - 2014-08-29 20:39 - 00000000 ____D () C:\Users\Owner\Downloads\0000005 Christian

2014-08-29 21:18 - 2014-08-29 20:40 - 00000000 ____D () C:\Users\Owner\Downloads\0000006 Hill

2014-08-29 21:17 - 2014-08-29 20:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000008 Poker

2014-08-29 21:15 - 2013-11-17 22:53 - 00000000 ____D () C:\Users\Owner\Downloads\00000000Dementia Stuff

2014-08-29 21:09 - 2013-11-07 00:33 - 00000000 ____D () C:\Users\Owner\Downloads\0000004 Country

2014-08-29 20:56 - 2014-08-29 20:54 - 00000000 ____D () C:\Users\Owner\Downloads\0000011 Fitness

2014-08-28 22:13 - 2013-10-10 22:09 - 00000000 ____D () C:\Program Files (x86)\PasswordBox

2014-08-28 03:58 - 2014-04-09 08:21 - 00000000 ____D () C:\Windows\rescache

2014-08-28 03:22 - 2014-07-29 22:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Spotify

2014-08-28 03:20 - 2009-07-14 00:45 - 00483024 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-24 19:50 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-22 22:07 - 2014-08-27 14:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 21:45 - 2014-08-27 14:34 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 20:59 - 2014-08-27 14:34 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 00:43 - 2013-04-05 20:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HoldemManager

2014-08-21 00:42 - 2013-07-22 09:22 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker

2014-08-16 08:06 - 2014-01-08 08:46 - 00000000 ____D () C:\Program Files (x86)\Sendori

2014-08-15 04:05 - 2014-08-15 04:05 - 00000000 _____ () C:\Windows\SysWOW64\shoA18C.tmp

2014-08-15 04:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-15 03:41 - 2013-01-26 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-15 03:27 - 2013-07-27 03:01 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-15 03:19 - 2013-01-24 15:32 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-15 03:02 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-14 09:12 - 2014-07-31 19:32 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

2014-08-14 09:12 - 2014-04-14 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-08-14 08:19 - 2014-01-20 20:44 - 00000000 ____D () C:\Users\Owner\Desktop\The Haven

2014-08-12 22:29 - 2014-08-12 22:29 - 00032256 _____ () C:\Users\Owner\Downloads\Actual Hours Worked 080314 to 080914.xls

2014-08-12 22:17 - 2014-08-12 22:17 - 13258240 _____ () C:\Users\Owner\Downloads\NC BLANK MATRIX THROUGH 2016.xls

2014-08-12 09:48 - 2014-08-12 09:48 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 1a3348ff67194f70965902aa8c9a21aaf66f9bbd6bb544389720cdc772a51feb

2014-08-11 17:11 - 2014-03-16 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe

2014-08-11 13:10 - 2014-03-15 22:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe

2014-08-11 13:10 - 2014-03-15 22:08 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64

2014-08-10 12:22 - 2014-07-30 05:58 - 00286941 _____ () C:\Users\Owner\Documents\HHC 08102014.xlsx

2014-08-10 12:18 - 2013-12-30 10:55 - 00016115 _____ () C:\Users\Owner\Documents\12302013MedBills.xlsx

2014-08-09 21:09 - 2014-08-09 21:09 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 9d379e16ef4944a0b29e69361d18b280d99523d5b5634f3b85cd3318c2827e51

2014-08-08 01:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-08-06 22:06 - 2014-08-14 23:50 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-06 22:01 - 2014-08-14 23:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

 

Some content of TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\SearchProtectionSetup.exe

C:\Users\Owner\AppData\Local\Temp\shutdown1396674606.exe

C:\Users\Owner\AppData\Local\Temp\ssdl72531.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-27 00:48

 

==================== End Of Log ============================



#4 deeprybka

Posted 07 September 2014 - 07:02 AM

Hi,
please start with the following steps:

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Search Protection
    
    Sendori
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka

#5 packbacker83

Posted 07 September 2014 - 08:57 AM

Search Protection uninstalled as expected. The program halted during the removal of Sendori and said the uninstall was unsuccessful ... "probably due to an invalid uninstall command". So I did not go any further with the above instructions.



#6 deeprybka

Posted 07 September 2014 - 09:50 AM

Hi,
thank you for letting me know. Please try also this.

Otherwise go ahead to step 2 and 3. :)


regards,
deeprybka

#7 packbacker83

Posted 07 September 2014 - 11:15 AM

When I tried the normal uninstall, Windows said the program was not found and simply removed the shortcut to Sendori.

 

Here is the adware log:

 

# AdwCleaner v3.309 - Report created 07/09/2014 at 12:04:04

# Updated 02/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Owner - OWNER-PC

# Running from : C:\Users\Owner\Desktop\Bleeping\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage

File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17239

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

 

-\\ Mozilla Firefox v25.0 (en-US)

 

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default\prefs.js ]

 

Line Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");

 

-\\ Google Chrome v37.0.2062.103

 

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

Deleted [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

Deleted [Extension] : nppllibpnmahfaklnpggkibhkapjkeob

 

*************************

 

AdwCleaner[R0].txt - [7188 octets] - [14/02/2014 22:22:33]

AdwCleaner[R1].txt - [8127 octets] - [07/09/2014 12:01:28]

AdwCleaner[S0].txt - [7239 octets] - [14/02/2014 22:27:27]

AdwCleaner[S1].txt - [8286 octets] - [07/09/2014 12:04:04]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8346 octets] ##########

 
 
 
 
Here is the FRST log:
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Owner (administrator) on OWNER-PC on 07-09-2014 12:12:34
Running from C:\Users\Owner\Desktop\Bleeping
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(NDS Technologies) C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\pg_ctl.exe
() C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-05-07] (Sendori, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [PCShowServer] => C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-11-17] (NDS Technologies)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-28] (Spotify Ltd)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-28] (Spotify Ltd)
HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\MountPoints2: {a627f0fc-1592-11e4-a29a-0026b9dbb059} - E:\VZW_Software_upgrade_assistant.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9D47C9E615FBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {02A5922A-3656-4515-82B3-35DA5112A345} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default\searchplugins\yahoo_ff.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-09-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> ask
CHR DefaultSearchProvider: Default -> Norton Safe Search
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-25]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-29]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-10]
CHR Extension: (Gamers Unite! Snag Bar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg [2013-01-25]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2014-05-07] (Sendori, Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\bin\pg_ctl.exe [89088 2014-03-30] (PostgreSQL Global Development Group) [File not signed]
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2014-05-07] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2014-05-07] (Sendori)
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2013-01-25] (Creative Labs) [File not signed]
S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-10] (AVG Technologies)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-26] (Duplex Secure Ltd.)
U3 agmosarn; C:\Windows\System32\Drivers\agmosarn.sys [0 ] (Advanced Micro Devices)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-07 12:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-07 09:37 - 2014-09-07 09:37 - 00001268 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2014-09-07 09:37 - 2014-09-07 09:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-05 21:19 - 2014-09-05 21:19 - 00000000 ____D () C:\Users\Owner\Downloads\Divergent (2014)
2014-09-05 21:17 - 2014-09-05 21:23 - 00000000 ____D () C:\Users\Owner\Downloads\The Fault in Our Stars (2014)
2014-09-01 08:14 - 2014-09-01 08:14 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 590a48656627473eb57db018fb3060c35486061974624ecfb5e437dea4682a08
2014-08-29 20:54 - 2014-08-29 20:56 - 00000000 ____D () C:\Users\Owner\Downloads\0000011 Fitness
2014-08-29 20:41 - 2014-08-29 23:55 - 00000000 ____D () C:\Users\Owner\Downloads\0000007 Books
2014-08-29 20:41 - 2014-08-29 21:17 - 00000000 ____D () C:\Users\Owner\Downloads\0000008 Poker
2014-08-29 20:40 - 2014-08-29 21:18 - 00000000 ____D () C:\Users\Owner\Downloads\0000006 Hill
2014-08-29 20:39 - 2014-08-29 23:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000005 Christian
2014-08-27 14:34 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 14:34 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 14:34 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 05:55 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 05:55 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 05:55 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 05:55 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 05:54 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 05:54 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 05:54 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 05:54 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-23 05:54 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 05:54 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-23 05:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 05:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 05:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 05:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-15 04:05 - 2014-08-15 04:05 - 00000000 _____ () C:\Windows\SysWOW64\shoA18C.tmp
2014-08-15 03:04 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:04 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:04 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:04 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:04 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:04 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:03 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:03 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 23:53 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 23:53 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 23:53 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 23:53 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 23:53 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 23:53 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 23:53 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 23:53 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 23:53 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 23:53 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 23:53 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 23:53 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 23:53 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 23:53 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 23:52 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 23:52 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 23:52 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 23:52 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 23:52 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 23:52 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 23:52 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 23:52 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 23:52 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 23:52 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 23:52 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 23:52 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 23:52 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 23:52 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 23:52 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 23:52 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 23:52 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 23:52 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 23:52 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 23:52 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 23:52 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 23:52 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 23:52 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 23:52 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 23:52 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 23:52 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 23:52 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 23:52 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 23:52 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 23:52 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 23:52 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 23:52 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 23:52 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 23:52 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 23:52 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 23:52 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 23:52 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 23:52 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 23:52 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 23:52 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 23:52 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 23:52 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 23:52 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 23:52 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 23:52 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 23:52 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 23:52 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 23:52 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 23:52 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 23:52 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 23:52 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 23:51 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 23:51 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 23:51 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 23:51 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 23:51 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 23:51 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 23:51 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 23:51 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 23:50 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 23:50 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 23:50 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 23:50 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 22:29 - 2014-08-12 22:29 - 00032256 _____ () C:\Users\Owner\Downloads\Actual Hours Worked 080314 to 080914.xls
2014-08-12 22:17 - 2014-08-12 22:17 - 13258240 _____ () C:\Users\Owner\Downloads\NC BLANK MATRIX THROUGH 2016.xls
2014-08-12 09:48 - 2014-08-12 09:48 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 1a3348ff67194f70965902aa8c9a21aaf66f9bbd6bb544389720cdc772a51feb
2014-08-09 21:09 - 2014-08-09 21:09 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 9d379e16ef4944a0b29e69361d18b280d99523d5b5634f3b85cd3318c2827e51
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-07 12:12 - 2014-02-22 03:19 - 00000000 ____D () C:\FRST
2014-09-07 12:12 - 2014-02-22 03:18 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping
2014-09-07 12:09 - 2014-07-29 21:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Spotify
2014-09-07 12:07 - 2014-02-20 23:46 - 00007454 _____ () C:\Windows\setupact.log
2014-09-07 12:07 - 2013-01-25 19:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 12:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 12:06 - 2014-02-23 17:18 - 00477648 _____ () C:\Windows\PFRO.log
2014-09-07 12:05 - 2013-01-23 16:07 - 01530188 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 12:04 - 2014-02-14 22:22 - 00000000 ____D () C:\AdwCleaner
2014-09-07 12:04 - 2013-01-25 19:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 11:18 - 2014-02-17 23:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 09:37 - 2014-09-07 09:37 - 00001268 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2014-09-07 09:37 - 2014-09-07 09:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-07 09:08 - 2014-03-16 19:24 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-06 01:42 - 2014-07-24 20:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent
2014-09-05 21:23 - 2014-09-05 21:17 - 00000000 ____D () C:\Users\Owner\Downloads\The Fault in Our Stars (2014)
2014-09-05 21:19 - 2014-09-05 21:19 - 00000000 ____D () C:\Users\Owner\Downloads\Divergent (2014)
2014-09-04 21:15 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 21:15 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 07:01 - 2014-01-09 22:24 - 00000000 ____D () C:\Users\Owner\Desktop\entertainer
2014-09-01 08:14 - 2014-09-01 08:14 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 590a48656627473eb57db018fb3060c35486061974624ecfb5e437dea4682a08
2014-08-31 14:13 - 2013-04-05 20:47 - 00000000 ____D () C:\Users\postgres
2014-08-30 20:14 - 2013-05-06 20:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9895B688-BF59-452B-B4E9-1EF074C27458}
2014-08-30 00:29 - 2013-05-17 06:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-08-30 00:03 - 2013-01-27 20:14 - 00000000 ____D () C:\Users\Owner\Documents\Newsbin
2014-08-29 23:55 - 2014-08-29 20:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000007 Books
2014-08-29 23:41 - 2014-08-29 20:39 - 00000000 ____D () C:\Users\Owner\Downloads\0000005 Christian
2014-08-29 21:18 - 2014-08-29 20:40 - 00000000 ____D () C:\Users\Owner\Downloads\0000006 Hill
2014-08-29 21:17 - 2014-08-29 20:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000008 Poker
2014-08-29 21:15 - 2013-11-17 22:53 - 00000000 ____D () C:\Users\Owner\Downloads\00000000Dementia Stuff
2014-08-29 21:09 - 2013-11-07 00:33 - 00000000 ____D () C:\Users\Owner\Downloads\0000004 Country
2014-08-29 20:56 - 2014-08-29 20:54 - 00000000 ____D () C:\Users\Owner\Downloads\0000011 Fitness
2014-08-28 22:13 - 2013-10-10 22:09 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-08-28 03:58 - 2014-04-09 08:21 - 00000000 ____D () C:\Windows\rescache
2014-08-28 03:22 - 2014-07-29 22:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Spotify
2014-08-28 03:20 - 2009-07-14 00:45 - 00483024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 19:50 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 22:07 - 2014-08-27 14:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 14:34 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 14:34 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 00:43 - 2013-04-05 20:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HoldemManager
2014-08-21 00:42 - 2013-07-22 09:22 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker
2014-08-16 08:06 - 2014-01-08 08:46 - 00000000 ____D () C:\Program Files (x86)\Sendori
2014-08-15 04:05 - 2014-08-15 04:05 - 00000000 _____ () C:\Windows\SysWOW64\shoA18C.tmp
2014-08-15 04:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:41 - 2013-01-26 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 03:27 - 2013-07-27 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:19 - 2013-01-24 15:32 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:02 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 09:12 - 2014-07-31 19:32 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-14 09:12 - 2014-04-14 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-14 08:19 - 2014-01-20 20:44 - 00000000 ____D () C:\Users\Owner\Desktop\The Haven
2014-08-12 22:29 - 2014-08-12 22:29 - 00032256 _____ () C:\Users\Owner\Downloads\Actual Hours Worked 080314 to 080914.xls
2014-08-12 22:17 - 2014-08-12 22:17 - 13258240 _____ () C:\Users\Owner\Downloads\NC BLANK MATRIX THROUGH 2016.xls
2014-08-12 09:48 - 2014-08-12 09:48 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 1a3348ff67194f70965902aa8c9a21aaf66f9bbd6bb544389720cdc772a51feb
2014-08-11 17:11 - 2014-03-16 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-11 13:10 - 2014-03-15 22:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-11 13:10 - 2014-03-15 22:08 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-10 12:22 - 2014-07-30 05:58 - 00286941 _____ () C:\Users\Owner\Documents\HHC 08102014.xlsx
2014-08-10 12:18 - 2013-12-30 10:55 - 00016115 _____ () C:\Users\Owner\Documents\12302013MedBills.xlsx
2014-08-09 21:09 - 2014-08-09 21:09 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 9d379e16ef4944a0b29e69361d18b280d99523d5b5634f3b85cd3318c2827e51
2014-08-08 01:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Owner\AppData\Local\Temp\shutdown1396674606.exe
C:\Users\Owner\AppData\Local\Temp\ssdl72531.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 00:08
 
==================== End Of Log ============================


#8 deeprybka

  • Malware Response Team
Posted 08 September 2014 - 01:54 AM

Hi,
our next steps are:

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   838bytes   6 downloads


After Reboot:

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 packbacker83

  • Topic Starter

  • Members
Posted 08 September 2014 - 08:38 PM

Here is fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01

Ran by Owner at 2014-09-08 21:21:19 Run:2

Running from C:\Users\Owner\Desktop\Bleeping

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2014-05-07] (sendori)

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2014-05-07] (Sendori, Inc.)

S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2014-05-07] (Sendori)

HKLM-x32\...\Run: [Sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-05-07] (Sendori, Inc.)

C:\Program Files (x86)\Sendori\

CHR DefaultSearchKeyword: Default -> ask

CHR DefaultSearchURL: Default -> http://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

Task: {0F79A8A9-1EE6-45CD-B150-820A88E8F783} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe

C:\Windows\AutoKMS.exe

AlternateDataStreams: C:\Windows:nlsPreferences

EmptyTemp:

*****************

 

Service Sendori => Service stopped successfully.

Service Sendori => Service deleted successfully.

Application Sendori => Service stopped successfully.

Application Sendori => Service deleted successfully.

sndappv2 => Service deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Sendori Tray => value deleted successfully.

C:\Program Files (x86)\Sendori => Moved successfully.

Chrome DefaultSearchKeyword deleted successfully.

Chrome DefaultSearchURL deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0F79A8A9-1EE6-45CD-B150-820A88E8F783}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F79A8A9-1EE6-45CD-B150-820A88E8F783}" => Key deleted successfully.

C:\Windows\System32\Tasks\AutoKMS => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.

"C:\Windows\AutoKMS.exe" => File/Directory not found.

C:\Windows => ":nlsPreferences" ADS removed successfully.

EmptyTemp: => Removed 2 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 

 

Here is frst.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01

Ran by Owner (administrator) on OWNER-PC on 08-09-2014 21:35:24

Running from C:\Users\Owner\Desktop\Bleeping

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(O2Micro International) C:\Windows\System32\drivers\o2flash.exe

(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(NDS Technologies) C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe

(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

() C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

() C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe

() C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\Owner\Downloads\PirateBrowser 0.6b\App\vidalia.exe

() C:\Users\Owner\Downloads\PirateBrowser 0.6b\App\tor.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Mozilla Corporation) C:\Users\Owner\Downloads\PirateBrowser 0.6b\FirefoxPortable\App\Firefox\piratefox.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)

HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)

HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)

HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [PCShowServer] => C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-11-17] (NDS Technologies)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-28] (Spotify Ltd)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-28] (Spotify Ltd)

HKU\S-1-5-21-3701043139-4236647081-2378084655-1000\...\MountPoints2: {a627f0fc-1592-11e4-a29a-0026b9dbb059} - E:\VZW_Software_upgrade_assistant.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9D47C9E615FBCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

SearchScopes: HKCU - {02A5922A-3656-4515-82B3-35DA5112A345} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default

FF DefaultSearchEngine: Yahoo!

FF SelectedSearchEngine: Yahoo!

FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Owner\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xfk5yb8d.default\searchplugins\yahoo_ff.xml

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn

FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-09-08]

 

Chrome: 

=======

CHR HomePage: Default -> A4407805F38E4E236B197D32E90D49E3FA4C3ED38AA25CAAEA5C14DE2284771E

CHR DefaultSearchKeyword: Default -> NortonSafe

CHR DefaultSearchURL: Default -> http://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr

CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]

CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-29]

CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]

CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-10]

CHR Extension: (Gamers Unite! Snag Bar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg [2013-01-25]

CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-08-11]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]

R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)

R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software)

R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]

S2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\bin\pg_ctl.exe [89088 2014-03-30] (PostgreSQL Global Development Group) [File not signed]

S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2013-01-25] (Creative Labs) [File not signed]

S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-10] (AVG Technologies)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-26] (Duplex Secure Ltd.)

U3 au9naghc; C:\Windows\System32\Drivers\au9naghc.sys [0 ] (Advanced Micro Devices)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-07 12:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-07 09:37 - 2014-09-07 09:37 - 00001268 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk

2014-09-07 09:37 - 2014-09-07 09:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-09-05 21:19 - 2014-09-05 21:19 - 00000000 ____D () C:\Users\Owner\Downloads\Divergent (2014)

2014-09-05 21:17 - 2014-09-05 21:23 - 00000000 ____D () C:\Users\Owner\Downloads\The Fault in Our Stars (2014)

2014-09-01 08:14 - 2014-09-01 08:14 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 590a48656627473eb57db018fb3060c35486061974624ecfb5e437dea4682a08

2014-08-29 20:54 - 2014-08-29 20:56 - 00000000 ____D () C:\Users\Owner\Downloads\0000011 Fitness

2014-08-29 20:41 - 2014-08-29 23:55 - 00000000 ____D () C:\Users\Owner\Downloads\0000007 Books

2014-08-29 20:41 - 2014-08-29 21:17 - 00000000 ____D () C:\Users\Owner\Downloads\0000008 Poker

2014-08-29 20:40 - 2014-08-29 21:18 - 00000000 ____D () C:\Users\Owner\Downloads\0000006 Hill

2014-08-29 20:39 - 2014-08-29 23:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000005 Christian

2014-08-27 14:34 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-27 14:34 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-27 14:34 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-23 05:55 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-23 05:55 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-23 05:55 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-23 05:55 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-23 05:54 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-23 05:54 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-23 05:54 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-23 05:54 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-23 05:54 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-23 05:54 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-23 05:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-23 05:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-23 05:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-23 05:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-08-15 04:05 - 2014-08-15 04:05 - 00000000 _____ () C:\Windows\SysWOW64\shoA18C.tmp

2014-08-15 03:04 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-15 03:04 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-15 03:04 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-15 03:04 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-15 03:04 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-15 03:04 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-15 03:03 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-15 03:03 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-14 23:53 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-14 23:53 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-14 23:53 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-14 23:53 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-14 23:53 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-14 23:53 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-14 23:53 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-14 23:53 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-14 23:53 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-14 23:53 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-14 23:53 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-14 23:53 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-14 23:53 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-14 23:53 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-14 23:52 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-14 23:52 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-14 23:52 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-14 23:52 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-14 23:52 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-14 23:52 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-14 23:52 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-14 23:52 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-14 23:52 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-14 23:52 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-14 23:52 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-14 23:52 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-14 23:52 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-14 23:52 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-14 23:52 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-14 23:52 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-14 23:52 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-14 23:52 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-14 23:52 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-14 23:52 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-14 23:52 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-14 23:52 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-14 23:52 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-14 23:52 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-14 23:52 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-14 23:52 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-14 23:52 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-14 23:52 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-14 23:52 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-14 23:52 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-14 23:52 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-14 23:52 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-14 23:52 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-14 23:52 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-14 23:52 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-14 23:52 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-14 23:52 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-14 23:52 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-14 23:52 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-14 23:52 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-14 23:52 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-14 23:52 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-14 23:52 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-14 23:52 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-14 23:52 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-14 23:52 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-14 23:52 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-14 23:52 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-14 23:52 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-14 23:52 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-14 23:52 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-14 23:51 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-14 23:51 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-14 23:51 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-14 23:51 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-14 23:51 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-14 23:51 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-14 23:51 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-14 23:51 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-14 23:50 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-14 23:50 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-14 23:50 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-14 23:50 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 22:29 - 2014-08-12 22:29 - 00032256 _____ () C:\Users\Owner\Downloads\Actual Hours Worked 080314 to 080914.xls

2014-08-12 22:17 - 2014-08-12 22:17 - 13258240 _____ () C:\Users\Owner\Downloads\NC BLANK MATRIX THROUGH 2016.xls

2014-08-12 09:48 - 2014-08-12 09:48 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 1a3348ff67194f70965902aa8c9a21aaf66f9bbd6bb544389720cdc772a51feb

2014-08-09 21:09 - 2014-08-09 21:09 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 9d379e16ef4944a0b29e69361d18b280d99523d5b5634f3b85cd3318c2827e51

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-08 21:35 - 2014-07-29 21:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Spotify

2014-09-08 21:35 - 2014-02-22 03:19 - 00000000 ____D () C:\FRST

2014-09-08 21:35 - 2014-02-22 03:18 - 00000000 ____D () C:\Users\Owner\Desktop\Bleeping

2014-09-08 21:35 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-08 21:35 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-08 21:27 - 2014-07-29 22:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Spotify

2014-09-08 21:25 - 2014-02-23 17:18 - 01877750 _____ () C:\Windows\PFRO.log

2014-09-08 21:25 - 2014-02-20 23:46 - 00007510 _____ () C:\Windows\setupact.log

2014-09-08 21:25 - 2013-01-25 19:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-08 21:25 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-08 21:24 - 2013-01-23 16:07 - 01556541 _____ () C:\Windows\WindowsUpdate.log

2014-09-08 21:18 - 2014-02-17 23:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-08 21:04 - 2013-01-25 19:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-08 09:07 - 2014-03-16 19:24 - 00000000 ____D () C:\ProgramData\MFAData

2014-09-07 12:04 - 2014-02-14 22:22 - 00000000 ____D () C:\AdwCleaner

2014-09-07 09:37 - 2014-09-07 09:37 - 00001268 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk

2014-09-07 09:37 - 2014-09-07 09:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-09-06 01:42 - 2014-07-24 20:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent

2014-09-05 21:23 - 2014-09-05 21:17 - 00000000 ____D () C:\Users\Owner\Downloads\The Fault in Our Stars (2014)

2014-09-05 21:19 - 2014-09-05 21:19 - 00000000 ____D () C:\Users\Owner\Downloads\Divergent (2014)

2014-09-03 07:01 - 2014-01-09 22:24 - 00000000 ____D () C:\Users\Owner\Desktop\entertainer

2014-09-01 08:14 - 2014-09-01 08:14 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 590a48656627473eb57db018fb3060c35486061974624ecfb5e437dea4682a08

2014-08-31 14:13 - 2013-04-05 20:47 - 00000000 ____D () C:\Users\postgres

2014-08-30 20:14 - 2013-05-06 20:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9895B688-BF59-452B-B4E9-1EF074C27458}

2014-08-30 00:29 - 2013-05-17 06:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc

2014-08-30 00:03 - 2013-01-27 20:14 - 00000000 ____D () C:\Users\Owner\Documents\Newsbin

2014-08-29 23:55 - 2014-08-29 20:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000007 Books

2014-08-29 23:41 - 2014-08-29 20:39 - 00000000 ____D () C:\Users\Owner\Downloads\0000005 Christian

2014-08-29 21:18 - 2014-08-29 20:40 - 00000000 ____D () C:\Users\Owner\Downloads\0000006 Hill

2014-08-29 21:17 - 2014-08-29 20:41 - 00000000 ____D () C:\Users\Owner\Downloads\0000008 Poker

2014-08-29 21:15 - 2013-11-17 22:53 - 00000000 ____D () C:\Users\Owner\Downloads\00000000Dementia Stuff

2014-08-29 21:09 - 2013-11-07 00:33 - 00000000 ____D () C:\Users\Owner\Downloads\0000004 Country

2014-08-29 20:56 - 2014-08-29 20:54 - 00000000 ____D () C:\Users\Owner\Downloads\0000011 Fitness

2014-08-28 22:13 - 2013-10-10 22:09 - 00000000 ____D () C:\Program Files (x86)\PasswordBox

2014-08-28 03:58 - 2014-04-09 08:21 - 00000000 ____D () C:\Windows\rescache

2014-08-28 03:20 - 2009-07-14 00:45 - 00483024 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-24 19:50 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-22 22:07 - 2014-08-27 14:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 21:45 - 2014-08-27 14:34 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 20:59 - 2014-08-27 14:34 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 00:43 - 2013-04-05 20:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HoldemManager

2014-08-21 00:42 - 2013-07-22 09:22 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker

2014-08-15 04:05 - 2014-08-15 04:05 - 00000000 _____ () C:\Windows\SysWOW64\shoA18C.tmp

2014-08-15 04:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-15 03:41 - 2013-01-26 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-15 03:27 - 2013-07-27 03:01 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-15 03:19 - 2013-01-24 15:32 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-15 03:02 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-14 09:12 - 2014-07-31 19:32 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

2014-08-14 09:12 - 2014-04-14 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-08-14 08:19 - 2014-01-20 20:44 - 00000000 ____D () C:\Users\Owner\Desktop\The Haven

2014-08-12 22:29 - 2014-08-12 22:29 - 00032256 _____ () C:\Users\Owner\Downloads\Actual Hours Worked 080314 to 080914.xls

2014-08-12 22:17 - 2014-08-12 22:17 - 13258240 _____ () C:\Users\Owner\Downloads\NC BLANK MATRIX THROUGH 2016.xls

2014-08-12 09:48 - 2014-08-12 09:48 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 1a3348ff67194f70965902aa8c9a21aaf66f9bbd6bb544389720cdc772a51feb

2014-08-11 17:11 - 2014-03-16 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe

2014-08-11 13:10 - 2014-03-15 22:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe

2014-08-11 13:10 - 2014-03-15 22:08 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64

2014-08-10 12:22 - 2014-07-30 05:58 - 00286941 _____ () C:\Users\Owner\Documents\HHC 08102014.xlsx

2014-08-10 12:18 - 2013-12-30 10:55 - 00016115 _____ () C:\Users\Owner\Documents\12302013MedBills.xlsx

2014-08-09 21:09 - 2014-08-09 21:09 - 00003544 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 9d379e16ef4944a0b29e69361d18b280d99523d5b5634f3b85cd3318c2827e51

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-06 00:08

 

==================== End Of Log ============================



#10 deeprybka


  • Malware Response Team

Posted 09 September 2014 - 07:43 AM

Very good. But we're not done yet.

Let's do a final check up:


Step 1


Please start the ESET Online Scanner.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!


Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 10 September 2014 - 06:24 AM

Here is the log file from ESET

 

 

ESETSmartInstaller@High as downloader log:

all ok

DLL:pipe not connected. attempts=120

DLL:pipe not connected. attempts=120

ESETSmartInstaller@High as downloader log:

all ok

DLL:pipe not connected. attempts=120

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=1e15c8824d4c7d449ef9b53266e6ea90

# engine=17202

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-02-24 06:23:14

# local_time=2014-02-24 01:23:14 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3591 16777213 100 88 0 155772779 0 0

# compatibility_mode=5893 16776574 100 94 18888264 144809644 0 0

# scanned=409222

# found=17

# cleaned=0

# scan_time=17283

sh=FAEC9C07DDBCEF6B8FC9243DC4E01945EF42AA9D ft=1 fh=4b054aeef455a592 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Backup 11292012\desktop\zaSetupWeb_101_101_000_en.exe"

sh=685C5C232AB3620AF3B7C9771F0D0A8E45FF7025 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Backup 11292012\Documents\Archives\MSOffice2010Pro\MS.Office.2010.Pro.Plus.iso"

sh=637FAEC0C76D5FD1F291341514D911553D4FF5C5 ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.JAE trojan" ac=I fn="C:\Backup 11292012\Documents\Newsbin Download\alt.binaries.test\Copy(1) of 3 Daniel Hall - Top 5 Secrets to Writing, Publishing & Profiting from Your .rar"

sh=CD6DD8D923CB6C88FDBFA6487FA65D7CEF7F682D ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.N potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\Alcohol120.Portable.1.96.rar"

sh=9BDA59A26B75C85AF6FB61FD02E1C5C4F1369444 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AS potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\BatchRenamePro.3.70.rar"

sh=20F7F1215C59D0F0B18FBD27429556F261EDBCEE ft=1 fh=bb1f3b8fe6aeca14 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\cnet_smart-pdf-converter-pro-setup_exe.exe"

sh=A252331C5D7080E8D4AA0ABB110C834423188361 ft=1 fh=3f9ce49950469d30 vn="Win32/DownloadAdmin.A.Gen potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\gimp-setup.exe"

sh=6D863C63AEC5D799FCF8FA29BEFAA1A9A62500C9 ft=1 fh=c71c0011d8c1df3d vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\iLividSetupV1.exe.dap"

sh=684ED67DD91D6F2E14FA89D42AF7703C5F60B420 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\Office.2010.Activator.rar"

sh=C8FC69153D78859EBB9070B11B697702C5A9BB91 ft=1 fh=40c63596a68a52cd vn="a variant of Win32/Keygen.AS potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\BatchRenamePro.3.70\BatchRenamePro\Keygen and patch\Keygen.exe"

sh=CB5C6545CC7D0108C3315092A10BFC025BAB5799 ft=1 fh=26022cc2739f4681 vn="a variant of Win32/HackTool.Patcher.U potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\NeroBurningROM.11.0.10500\Patch\Patch.exe"

sh=F4A22C0FFB365DF4551E5E2BBFC82C1D62E48069 ft=1 fh=c71c0011ebe5c035 vn="a variant of Win32/Injector.ANEX trojan" ac=I fn="C:\FRST\Quarantine\Rar$EXa0.78023-02-2014_19-49-27\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe"

sh=C02423884B82F50565A8AA2BE8F974E821760F18 ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="C:\Users\Owner\AppData\Local\Temp\Av-test.txt"

sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\ccsetup410.exe"

sh=5E6A0950D61C36F74BDDBB3E5123A0A844683BEA ft=1 fh=52470d0f717b11f5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\epm.exe"

sh=AC331FC17EDB1DB1463BC349FEF9557D034AD635 ft=1 fh=2d193fcb43bbe26d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\FreeStudio.exe"

sh=6C14FB7A268D8941A092BDF2B17A563724454299 ft=1 fh=4a584e441d23f7f9 vn="Win32/Toolbar.Babylon.T potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ReimageRepair.exe"

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=1e15c8824d4c7d449ef9b53266e6ea90

# engine=20079

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-09-10 11:20:17

# local_time=2014-09-10 07:20:17 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Norton Internet Security'

# compatibility_mode=3595 16777213 100 91 0 172854602 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 0 161891467 0 0

# scanned=399487

# found=34

# cleaned=0

# scan_time=34689

sh=7C840F4CE3A47E709E5771E1927767210D4AB717 ft=1 fh=3c7aa24271d58db1 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\OpenCandy\5DCAF102075643B4B45DB641A8480844\SendoriSetupx11915.exe.vir"

sh=FAEC9C07DDBCEF6B8FC9243DC4E01945EF42AA9D ft=1 fh=4b054aeef455a592 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Backup 11292012\desktop\zaSetupWeb_101_101_000_en.exe"

sh=20F7F1215C59D0F0B18FBD27429556F261EDBCEE ft=1 fh=bb1f3b8fe6aeca14 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\cnet_smart-pdf-converter-pro-setup_exe.exe"

sh=A252331C5D7080E8D4AA0ABB110C834423188361 ft=1 fh=3f9ce49950469d30 vn="Win32/DownloadAdmin.A.Gen potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\gimp-setup.exe"

sh=6D863C63AEC5D799FCF8FA29BEFAA1A9A62500C9 ft=1 fh=c71c0011d8c1df3d vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Backup 11292012\downloads\iLividSetupV1.exe.dap"

sh=C8FC69153D78859EBB9070B11B697702C5A9BB91 ft=1 fh=40c63596a68a52cd vn="a variant of Win32/Keygen.AS potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\BatchRenamePro.3.70\BatchRenamePro\Keygen and patch\Keygen.exe"

sh=CB5C6545CC7D0108C3315092A10BFC025BAB5799 ft=1 fh=26022cc2739f4681 vn="a variant of Win32/HackTool.Patcher.U potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\NeroBurningROM.11.0.10500\Patch\Patch.exe"

sh=07E686F88D99C73190612BB140E91DB1EB122BCB ft=1 fh=b6b98611705305bc vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\DynLib.dll"

sh=93FBA5C2875BB9CA06D4CA330BCCBBE553184A33 ft=1 fh=4a3f55b6aa37e2d2 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\freebl3.dll"

sh=95F3E1B951C760420C2E2B6D92E8733202087E50 ft=1 fh=e6d57f04da06a8be vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\Interop.PCProxyLib.dll"

sh=88855E0F54F64271046477DD8504B21F9D1E1A88 ft=1 fh=b33466698ba90558 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\libnspr4.dll"

sh=8F33765CEE19E262EF48DA4B49EABFBCFBB9A8C2 ft=1 fh=34173d23bfc6e1aa vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\libplc4.dll"

sh=847D3D74B4E730BED6E6B3849E1C707B204E5A42 ft=1 fh=abac262dff277c8e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\libplds4.dll"

sh=0B21D80D329B84031F140EF141CC0BB38BD44113 ft=1 fh=ca812209877442b2 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\nss3.dll"

sh=9874870AE1C97BF327403EF7A3284BA3639CDBAE ft=1 fh=c2148bef0349c162 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\nssckbi.dll"

sh=767D90EC14D9375F8D2BA082F795C685B2A90B16 ft=1 fh=67a56d7c4a0ef74b vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\nssdbm3.dll"

sh=9BCB95CCF28583E681720115B25037C43C072894 ft=1 fh=37e8a8170358956a vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\nssutil3.dll"

sh=62BCA41F15F48AB38E8BE75733F8760C45723330 ft=1 fh=46af81b82dc32f3e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\Sendori.dll"

sh=0D9624E0031FC2632981F3B19B864CE5A0FF7A20 ft=1 fh=e275c2ba31002490 vn="a variant of MSIL/Adware.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\Sendori.Library.dll"

sh=4071258A9DD62913AA38FF2C7FA9077F2C172995 ft=1 fh=14074fec478c7f8d vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\Sendori.Service.exe"

sh=B84A9F0D68BC86BB54296E6E4C72293656906F4F ft=1 fh=0c15462ee78f20b3 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\SendoriControl.exe"

sh=7491A20478190313CF41E9F8E2B7FA16EE8536A9 ft=1 fh=0167fa5c2f1c74c9 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\SendoriLSP.exe"

sh=AE0F96F21E38243B7500822BD7DFAC59E77034B7 ft=1 fh=5e0baee460185b75 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\SendoriLSP64.exe"

sh=6EF473251D606FE7E262B04856C0053B67AF3B29 ft=1 fh=ee44ba2ab0b334a6 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\SendoriSvc.exe"

sh=6D901C00AB5A96AED5ECFDCF53B7F9C18BD4EF37 ft=1 fh=2100f97519b95d50 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\SendoriTray.exe"

sh=7F0DED9B7629CE12A19DC180C5056AD4C7317C87 ft=1 fh=26224417f86f5ff1 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\smime3.dll"

sh=6F9CD84EE6091B586394E7A76CF25A6793572659 ft=1 fh=2e265f0247aa8387 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\sndappv2.exe"

sh=A1BFEF66FE45ED8D27408DF5D5B4CD8D6DAED0CA ft=1 fh=00fa2342475a6be6 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\SndCertDLL.dll"

sh=53DA6669EA70D4A307503564A524F0E1AE48708B ft=1 fh=40ea5479fec4bb4a vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\softokn3.dll"

sh=914A0B504FBA0CADBD5250CCF6D00C8E44FD0491 ft=1 fh=6826a69cce8ec1e3 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\sqlite3.dll"

sh=5412556CE4A48BD8555A4F0402E4043D438D03D6 ft=1 fh=cd605d8e1d9462a9 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\ssl3.dll"

sh=F4A22C0FFB365DF4551E5E2BBFC82C1D62E48069 ft=1 fh=c71c0011ebe5c035 vn="a variant of Win32/Injector.ANEX trojan" ac=I fn="C:\FRST\Quarantine\Rar$EXa0.78023-02-2014_19-49-27\Nitro.Pro.Enterprise.v8.5.4.11.x86.x64.incl.REG-file.exe"

sh=62BCA41F15F48AB38E8BE75733F8760C45723330 ft=1 fh=46af81b82dc32f3e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\System32\Sendori.dll"

sh=62BCA41F15F48AB38E8BE75733F8760C45723330 ft=1 fh=46af81b82dc32f3e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\SysWOW64\Sendori.dll"
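A triage pass over a log in this layout, as an added example that is not part of the original post: it splits the appended scan runs, checks each run's pasted lines against its own `# found=` count, and separates files already inside the cleanup tools' quarantine folders from files still at their original path. Reading `vn` as the detection name and `fn` as the file path is an assumption taken from the values shown above; the sample lines are constructed, their hashes are placeholders, and all function names are hypothetical.

```python
import re

# Constructed sample: two scan runs in one log.txt; sh=/fh= values are placeholders.
SAMPLE_LOG = r'''
ESETSmartInstaller@High as downloader log:
# found=2
sh=AAAA000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\example-setup.exe"
sh=AAAA000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="C:\Users\Owner\AppData\Local\Temp\Av-test.txt"
ESETSmartInstaller@High as downloader log:
# product=EOS
# found=3
sh=AAAA000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Sendori\Sendori.dll"
sh=AAAA000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\System32\Sendori.dll"
sh=AAAA000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="a variant of Win32/Keygen.AS potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\Keygen.exe"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
QUARANTINE = ("c:\\frst\\quarantine\\", "c:\\adwcleaner\\quarantine\\")
SUFFIXES = (("potentially unwanted application", "pua"),
            ("potentially unsafe application", "unsafe"),
            ("trojan", "trojan"))

def category(vn):
    """Bucket a detection name by the wording at its end."""
    low = vn.lower()
    for suffix, label in SUFFIXES:
        if low.endswith(suffix):
            return label
    return "adware" if "adware" in low else "other"

def parse_runs(text):
    """Split a log into scan runs: '# key=value' headers, then sh= lines."""
    runs, in_run = [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("# ") and "=" in line:
            if not in_run:                      # first header opens a new run
                runs.append({"meta": {}, "hits": []})
                in_run = True
            key, _, value = line[2:].partition("=")
            runs[-1]["meta"][key] = value
        elif line.startswith("sh=") and runs:
            hit = {m[1]: m[3] if m[3] is not None else m[2]
                   for m in FIELD.finditer(line)}
            hit["category"] = category(hit.get("vn", ""))
            hit["quarantined"] = hit.get("fn", "").lower().startswith(QUARANTINE)
            runs[-1]["hits"].append(hit)
        else:                                   # installer chatter ends a run
            in_run = False
    return runs

def triage(run):
    """Return (pasted lines match '# found=', hits outside quarantine)."""
    live = [h for h in run["hits"] if not h["quarantined"]]
    return int(run["meta"].get("found", -1)) == len(run["hits"]), live

if __name__ == "__main__":
    for n, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print(n, triage(run)[0], [(h["category"], h["fn"]) for h in triage(run)[1]])
```

Applied to the second scan in the post, this split would set the entries under C:\FRST\Quarantine and C:\AdwCleaner\Quarantine apart from the ones still at their original paths.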



#12 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 10 September 2014 - 06:25 AM

The computer seems to be ok now with neither of the two problems occurring in the past couple of days.  Any protocols to follow to keep it that way?



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:24 PM

Posted 11 September 2014 - 02:22 AM

Hi! :)

Looking good, ESET has found just a few leftovers of adware and....
 
sh=C8FC69153D78859EBB9070B11B697702C5A9BB91 ft=1 fh=40c63596a68a52cd vn="a variant of Win32/Keygen.AS potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\BatchRenamePro.3.70\BatchRenamePro\Keygen and patch\Keygen.exe"

sh=CB5C6545CC7D0108C3315092A10BFC025BAB5799 ft=1 fh=26022cc2739f4681 vn="a variant of Win32/HackTool.Patcher.U potentially unsafe application" ac=I fn="C:\Backup 11292012\downloads\NeroBurningROM.11.0.10500\Patch\Patch.exe"
The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.
 

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB




...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...


http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.



Please run the following fix:

Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   292bytes   5 downloads



That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Mozilla Firefox 25.0
Java 7 Update 60


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:24 PM

Posted 14 September 2014 - 01:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



