
Dllhost.exe / COM Surrogate invasion!


  • This topic is locked
13 replies to this topic

#1 PaulNewman

  • Members
  • 8 posts

Posted 22 September 2014 - 02:12 PM

Hi, I have an issue with computer slowdown due to at least one issue: malware resulting in 20-50 dllhost.exe com surrogate processes eating up my memory. There may be other issues masked by this, but not sure. I've run a bunch of things, including MBAM and Norton Power Eraser, but no luck.

Can somebody walk me through some steps to get me back up and running?

Thanks!

#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 22 September 2014 - 02:39 PM

Hi there,

Please run a FRST scan to start with:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
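The steps above produce FRST.txt and Addition.txt for a helper to read by hand. As an added example (not part of this thread and not code from FRST or its author), the Python below does the two checks this thread turns on against the text of an FRST.txt: it counts how many dllhost.exe (COM Surrogate) processes were running, and it flags any CLSID `localserver32` value that starts `rundll32.exe javascript:`, which is the Poweliks persistence pattern FRST itself marks with `<==== Poweliks!` in the log posted later in this thread. The sample log embedded in the script is constructed in the FRST format (placeholder SID and CLSID, not the real entries), and the cut-off of five dllhost.exe processes is an assumption: one or two COM Surrogate hosts are normal on an idle machine, dozens are not.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for two Poweliks indicators.

Added example, not part of the thread or of FRST. Works on the plain text of
FRST.txt: the Processes section and any registry line whose localserver32
value launches rundll32.exe with a javascript: payload.
"""
import re

# FRST section headers look like "==================== Processes (Whitelisted) ======"
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# A process line in the Processes section: "(Signer) C:\path\to\image.exe"
PROCESS_RE = re.compile(r"^\(([^)]*)\)\s+([A-Za-z]:\\.+)$")
# COM class whose LocalServer32 runs rundll32.exe with inline script (Poweliks style)
COM_SCRIPT_RE = re.compile(r"\\localserver32:\s*rundll32\.exe\s+javascript:", re.IGNORECASE)

# Constructed sample in FRST format; the SID and CLSID are placeholders, not real values.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKU\S-1-5-21-0-0-0-1000\...\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("CONSTRUCTED PLACEHOLDER") <==== Poweliks!
"""


def split_sections(log_text):
    """Return {section name: [stripped lines]} keyed by the '====' headers."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def list_processes(log_text):
    """File paths listed in the Processes section, in log order."""
    lines = split_sections(log_text).get("Processes (Whitelisted)", [])
    return [m.group(2) for m in map(PROCESS_RE.match, lines) if m]


def count_image(paths, image_name):
    """Number of listed processes whose executable name equals image_name."""
    name = image_name.lower()
    return sum(1 for p in paths if p.rsplit("\\", 1)[-1].lower() == name)


def find_com_script_entries(log_text):
    """Log lines where a localserver32 value runs rundll32.exe javascript:."""
    return [line for line in log_text.splitlines() if COM_SCRIPT_RE.search(line)]


def triage(log_text, dllhost_threshold=5):
    """Summarise both indicators. The threshold is an assumed cut-off:
    a couple of COM Surrogate hosts are normal, the 20-50 reported here are not."""
    procs = list_processes(log_text)
    dllhost = count_image(procs, "dllhost.exe")
    com_hits = find_com_script_entries(log_text)
    return {
        "process_count": len(procs),
        "dllhost_count": dllhost,
        "dllhost_excessive": dllhost >= dllhost_threshold,
        "com_script_entries": com_hits,
        "suspect_poweliks": bool(com_hits),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_FRST)
    print(f"processes: {result['process_count']}, dllhost.exe: {result['dllhost_count']}")
    for hit in result["com_script_entries"]:
        print("COM script launcher:", hit)
```

Point it at a real log with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The count alone is only a hint; the registry hit is the decisive one, because a COM class that exists to run script through mshtml has no legitimate purpose and is exactly what the fixlist in a thread like this would remove.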


#3 PaulNewman

  • Topic Starter

  • Members
  • 8 posts

Posted 22 September 2014 - 03:27 PM

Thanks for the quick reply! Here are the log files.

 

==================== FRST Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by paul (administrator) on PNEWMAN on 22-09-2014 11:41:36
Running from C:\Users\paul\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\ComboFix\CF27688.3XE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Driver Genius] => [X]
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1266335906-3310993854-2177237475-1002\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-17] (Google Inc.)
HKU\S-1-5-21-1266335906-3310993854-2177237475-1002\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
HKU\S-1-5-21-1266335906-3310993854-2177237475-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: c:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
AppInit_DLLs:  c:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {35E95AA2-9202-4912-A816-53421B9FDE8B} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=9u6EQGM5hu-XQpYS1hc9k14aoKM?q={searchTerms}
SearchScopes: HKCU - {71443010-0A11-45FE-97CA-87509A0BCC68} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {DD66BDD5-5408-4FE9-B3D6-1CE040BAD800} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://blizzard.buckhill.com:22222/SysCamInst.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ukmeeting.webex.com/client/T26L/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-09-05] (SuperAdBlocker.com)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a6dfe304-571a-4153-89fb-51226c22a94b}: [NameServer] 10.39.48.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\paul\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox [2010-03-05]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-12-21]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2013-09-29]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-09-29]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-06]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR CustomProfile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (McAfee Security Scan+) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-28]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-12-22]
CHR Extension: (AdBlock) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-27]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2012-12-28]
CHR Extension: (Google Wallet) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-12-21]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-09] (SUPERAntiSpyware.com) [File not signed]
S4 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] () [File not signed]
S4 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95232 2012-12-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [189440 2014-03-23] (NETGEAR) [File not signed]
S4 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] () [File not signed]
S4 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]
S2 RoxLiveShare9; No ImagePath
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35560 2012-08-01] (AnchorFree Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [3200 2010-01-18] (Windows ® Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-09-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-12] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2011-09-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2012-01-04] (Windows ® Win 7 DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.) [File not signed]
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 jgydert; System32\drivers\kiadsqto.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pepifilter; system32\DRIVERS\lv302af.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys 2F8ECE2699E7E2070545E9B0960A8ED2
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\System32\DRIVERS\lvrs.sys B895839B8743E400D7C7DAE156F74E7E
C:\Windows\System32\drivers\LVUSBSta.sys 23F8EF78BB9553E465A476F3CEE5CA18
C:\Windows\system32\drivers\mbam.sys 8683C1B450F4B3872839308D836E0F92
C:\Windows\system32\drivers\MBAMSwissArmy.sys 12E71DA845D76665B56753AD149E32B3
C:\Windows\system32\drivers\mwac.sys 799613BA73D25641402AA81B6403EFF8
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 2681302B63B318CBEA6C82902AC5428C
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\system32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\drivers\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\system32\Drivers\Ntfs.sys 6A4A98CEE84CF9E99564510DDA4BAA47
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys 055081FD5076401C1EE1BCAB08D81911
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LV302V32.SYS 4BB5AC2DD485B8EEFCCB977EE66A68AD
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 11:41 - 2014-09-22 11:49 - 00036193 _____ () C:\Users\paul\Downloads\FRST.txt
2014-09-22 11:11 - 2014-09-22 11:45 - 00000000 ____D () C:\FRST
2014-09-22 10:59 - 2014-09-22 11:00 - 01097728 _____ (Farbar) C:\Users\paul\Downloads\FRST.exe
2014-09-22 10:44 - 2014-09-22 10:44 - 00020261 _____ () C:\ComboFix.txt
2014-09-22 08:20 - 2014-09-22 08:22 - 00000000 ____D () C:\Users\paul\Desktop\DesktopPics
2014-09-21 22:05 - 2014-09-21 22:05 - 05578824 ____R (Swearware) C:\Users\paul\Downloads\ComboFix.exe
2014-09-21 22:05 - 2014-09-21 22:05 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\paul\Downloads\rkill.exe
2014-09-21 21:04 - 2014-09-21 21:06 - 00918440 _____ (Oracle Corporation) C:\Users\paul\Downloads\chromeinstall-7u67.exe
2014-09-21 17:57 - 2014-09-21 17:58 - 00000000 ____D () C:\NPE
2014-09-21 17:29 - 2014-09-21 17:31 - 03060320 ____N (Symantec Corporation) C:\Users\paul\Downloads\NPE (2).exe
2014-09-21 17:29 - 2014-09-21 17:30 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (7).exe
2014-09-21 17:29 - 2014-09-21 17:30 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (6).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 03060320 ____N (Symantec Corporation) C:\Users\paul\Downloads\NPE (1).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue.exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (5).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (4).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (3).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (2).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (1).exe
2014-09-21 17:15 - 2014-09-21 17:15 - 00083064 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR300.SYS
2014-09-21 17:15 - 2014-09-21 17:15 - 00000020 _____ () C:\Windows\system32\Drivers\SMR300.dat
2014-09-21 17:07 - 2014-09-21 17:29 - 20119464 _____ (White Sky, Inc.) C:\Users\paul\Downloads\constantguard.exe
2014-09-21 16:57 - 2014-09-21 16:57 - 00143208 _____ () C:\Windows\Minidump\Mini092114-01.dmp
2014-09-21 16:08 - 2014-09-21 16:43 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r
2014-09-21 16:07 - 2014-09-21 16:08 - 30856384 _____ (Microsoft Corporation) C:\Users\paul\Downloads\Windows-KB890830-V5.16 (1).exe
2014-09-21 16:05 - 2014-09-21 16:13 - 30856384 _____ (Microsoft Corporation) C:\Users\paul\Downloads\Windows-KB890830-V5.16.exe
2014-09-18 23:06 - 2014-09-22 11:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-18 23:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 23:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 23:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 22:48 - 2014-09-18 22:49 - 00321848 _____ (Malwarebytes Corporation) C:\Users\paul\Downloads\mbam-clean-2.1.1.1001.exe
2014-09-18 22:31 - 2014-09-18 22:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\paul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 03:49 - 2014-09-18 23:52 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Ywgayc
2014-09-16 03:46 - 2014-09-21 16:05 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 11:55 - 2012-12-19 21:08 - 00000000 ____D () C:\Qoobox
2014-09-22 11:49 - 2014-09-22 11:41 - 00036193 _____ () C:\Users\paul\Downloads\FRST.txt
2014-09-22 11:45 - 2014-09-22 11:11 - 00000000 ____D () C:\FRST
2014-09-22 11:32 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 11:32 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 11:30 - 2014-01-26 00:21 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266335906-3310993854-2177237475-1002UA.job
2014-09-22 11:30 - 2012-05-17 15:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 11:30 - 2010-02-11 04:22 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 11:12 - 2014-09-18 23:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 11:00 - 2014-09-22 10:59 - 01097728 _____ (Farbar) C:\Users\paul\Downloads\FRST.exe
2014-09-22 10:44 - 2014-09-22 10:44 - 00020261 _____ () C:\ComboFix.txt
2014-09-22 10:21 - 2011-02-26 11:59 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-22 09:50 - 2008-07-03 07:33 - 02079463 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 09:36 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 09:35 - 2010-02-11 04:22 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 09:30 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 09:30 - 2006-11-02 07:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-22 09:29 - 2008-07-03 08:03 - 02057588 _____ () C:\Windows\PFRO.log
2014-09-22 09:28 - 2006-11-02 08:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 09:28 - 2006-11-02 05:22 - 58982400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 43778048 _____ () C:\Windows\system32\config\COMPON~1.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 28573696 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-22 09:27 - 2012-12-19 21:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 08:22 - 2014-09-22 08:20 - 00000000 ____D () C:\Users\paul\Desktop\DesktopPics
2014-09-22 07:49 - 2009-05-23 18:16 - 00000000 ____D () C:\Users\Guest\Tracing
2014-09-21 22:05 - 2014-09-21 22:05 - 05578824 ____R (Swearware) C:\Users\paul\Downloads\ComboFix.exe
2014-09-21 22:05 - 2014-09-21 22:05 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\paul\Downloads\rkill.exe
2014-09-21 21:21 - 2012-12-21 14:53 - 00000000 ____D () C:\Users\paul\AppData\Local\NPE
2014-09-21 21:10 - 2008-07-03 07:48 - 00000000 ____D () C:\Program Files\Java
2014-09-21 21:06 - 2014-09-21 21:04 - 00918440 _____ (Oracle Corporation) C:\Users\paul\Downloads\chromeinstall-7u67.exe
2014-09-21 18:56 - 2009-08-02 01:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-21 18:31 - 2008-07-10 15:29 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2014-09-21 17:58 - 2014-09-21 17:57 - 00000000 ____D () C:\NPE
2014-09-21 17:31 - 2014-09-21 17:29 - 03060320 ____N (Symantec Corporation) C:\Users\paul\Downloads\NPE (2).exe
2014-09-21 17:30 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (7).exe
2014-09-21 17:30 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (6).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 03060320 ____N (Symantec Corporation) C:\Users\paul\Downloads\NPE (1).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue.exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (5).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (4).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (3).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (2).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (1).exe
2014-09-21 17:29 - 2014-09-21 17:07 - 20119464 _____ (White Sky, Inc.) C:\Users\paul\Downloads\constantguard.exe
2014-09-21 17:15 - 2014-09-21 17:15 - 00083064 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR300.SYS
2014-09-21 17:15 - 2014-09-21 17:15 - 00000020 _____ () C:\Windows\system32\Drivers\SMR300.dat
2014-09-21 16:57 - 2014-09-21 16:57 - 00143208 _____ () C:\Windows\Minidump\Mini092114-01.dmp
2014-09-21 16:57 - 2009-06-02 08:05 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 16:56 - 2009-06-02 08:04 - 467730398 _____ () C:\Windows\MEMORY.DMP
2014-09-21 16:43 - 2014-09-21 16:08 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r
2014-09-21 16:13 - 2014-09-21 16:05 - 30856384 _____ (Microsoft Corporation) C:\Users\paul\Downloads\Windows-KB890830-V5.16.exe
2014-09-21 16:08 - 2014-09-21 16:07 - 30856384 _____ (Microsoft Corporation) C:\Users\paul\Downloads\Windows-KB890830-V5.16 (1).exe
2014-09-21 16:05 - 2014-09-16 03:46 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-21 15:53 - 2013-07-02 17:33 - 00000000 ____D () C:\Users\paul\Documents\PhraseExpress
2014-09-21 15:50 - 2012-01-09 21:11 - 00000000 ____D () C:\Windows\pss
2014-09-21 15:40 - 2012-12-21 12:56 - 00000000 ____D () C:\Users\paul\AppData\Roaming\uTorrent
2014-09-21 15:40 - 2012-12-21 12:54 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Dropbox
2014-09-21 14:28 - 2014-01-26 00:21 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266335906-3310993854-2177237475-1002Core.job
2014-09-21 13:49 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Provisioning
2014-09-21 13:48 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-09-20 20:46 - 2013-09-04 13:43 - 00000404 ____H () C:\Windows\Tasks\Norton Security Scan for paul.job
2014-09-18 23:52 - 2014-09-16 03:49 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Ywgayc
2014-09-18 23:51 - 2014-07-14 15:25 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Search Protection
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-18 22:50 - 2012-12-21 14:43 - 00000000 ____D () C:\Users\paul\AppData\Local\CrashDumps
2014-09-18 22:49 - 2014-09-18 22:48 - 00321848 _____ (Malwarebytes Corporation) C:\Users\paul\Downloads\mbam-clean-2.1.1.1001.exe
2014-09-18 22:31 - 2014-09-18 22:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\paul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-18 19:45 - 2014-06-30 22:48 - 00000000 ____D () C:\Users\paul\AppData\Local\NETGEARGenie
2014-09-18 19:38 - 2013-08-26 13:17 - 00000000 ____D () C:\Users\Guest\Documents\PhraseExpress
2014-09-17 21:19 - 2011-09-14 20:12 - 00000000 ____D () C:\Users\Guest\Desktop\VALERIE DOCS
2014-09-15 17:31 - 2012-05-17 15:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-15 17:31 - 2011-07-07 09:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-13 22:24 - 2012-12-21 12:54 - 00000000 ____D () C:\Users\paul\AppData\Roaming\HpUpdate
2014-09-13 18:21 - 2006-11-02 05:33 - 00707520 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 18:20 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\twain_32
2014-09-13 18:20 - 2006-11-02 05:23 - 00000254 _____ () C:\Windows\win.ini
2014-09-08 18:40 - 2012-12-21 13:08 - 00000000 ____D () C:\Users\paul\Desktop\Random pics
2014-09-02 14:43 - 2012-12-21 14:43 - 00206848 _____ () C:\Users\paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-31 23:40 - 2012-12-21 12:54 - 00000000 ____D () C:\Users\paul\AppData\Roaming\HandBrake
2014-08-29 13:01 - 2006-11-02 05:24 - 98758480 ____N (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-25 06:53 - 2009-10-02 18:29 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\admin\AppData\Local\temp\InstallManager_BAB_BAB.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7fdd6ac6-70be-11db-ba26-a0b016378059}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
 
Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  partition=E:
path                    \Windows\System32\boot\winload.exe
description             Windows Recovery Environment
osdevice                partition=E:
systemroot              \Windows
resumeobject            {ffc392b0-4919-11dd-a1b3-806e6f6e6963}
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7fdd6ac6-70be-11db-ba26-a0b016378059}
nx                      OptIn
bootlog                 No
 
Resume from Hibernate
---------------------
identifier              {7fdd6ac6-70be-11db-ba26-a0b016378059}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {ffc392b0-4919-11dd-a1b3-806e6f6e6963}
device                  partition=E:
path                    \Windows\System32\boot\winresume.exe
description             Windows Recovery Environment
inherit                 {resumeloadersettings}
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
 
LastRegBack: 2014-09-22 12:17
 
==================== End Of Log ============================
 
 
 
====================Addition Log============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
Ran by paul at 2014-09-22 12:10:27
Running from C:\Users\paul\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 3.0 (HKLM\...\{851C67EF-068A-4060-9EF5-2E3DDCD68382}) (Version: 003.000.0000 - Adobe Systems Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone (HKLM\...\{E896DA69-F993-440E-8515-EB197EFB284F}) (Version: 4.5.0.81 (Platform 2.7.0.78) - Research In Motion Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C410 (Version: 140.0.273.000 - Hewlett-Packard) Hidden
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.2.0.1 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.3.0.11 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.2.0.11 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.3.0.19 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.6.0.9 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.0.4.18 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cyberduck 4.2.1 (9350) (HKLM\...\Cyberduck) (Version: 4.2.1 (9350) - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
DocProc (Version: 140.0.99.000 - Hewlett-Packard) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Driver Genius Professional Edition (HKLM\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)
DVDFab 9.0.3.8 (29/04/2013) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Edmark Mighty Math Zoo Zillions (HKLM\...\Mighty Math Zoo Zillions) (Version:  - )
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fax (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server UK) (Version: 2.0.1.13 - MAGIX AG)
Free Mp3 Wma Ogg Converter 7.1.1 (HKLM\...\{ACF1662C-404B-47AD-9D57-5CA7C9307284}_is1) (Version:  - CyberPower Tech, Inc.)
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gears (HKLM\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
HandBrake 0.9.6 (HKLM\...\HandBrake) (Version: 0.9.6 - )
honestech Claymation Studio (Version: 3.0.0 - honestech) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
iPod for Windows 2005-09-23 (HKLM\...\InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}) (Version: 4.3.0 - Apple Computer, Inc.)
iPod for Windows 2005-09-23 (Version: 4.3.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 4.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.9.5 - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.26 - Symantec Corporation)
MAGIX 3D Maker (embeded) (HKLM\...\MAGIX 3D Maker UK) (Version: 6.0.0.10 - MAGIX AG)
MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK) (HKLM\...\MAGIX Movie Edit Pro 15 Plus Download version UK) (Version: 8.0.5.8 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (UK) (HKLM\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.187 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{BCC7E198-1D10-4B55-956E-550A196F8056}) (Version: 8.0.6362.190 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 2.0.269.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft UI Engine (Version: 6.3.2348.0 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
MSN Toolbar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0357.1 - Microsoft Corporation)
MSN Toolbar Platform (Version: 4.0.0357.1 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PhraseExpress v10.1.28 (HKLM\...\PhraseExpress_is1) (Version: 10.1.28 - Bartels Media GmbH)
PlayMemories Home (HKLM\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation)
PS_AIO_07_C410_SW_Min (Version: 140.0.273.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.27.0.1000 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TinEye Internet Explorer plugin 1.2 (HKLM\...\{AD1C7ACE-30DC-4107-B6A7-9495D12DC846}) (Version: 1.2.0 - Idée Inc.)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.14 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2836940) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{525A4A44-8940-40AD-ABA0-14501199D2F0}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2343F7D1-9E41-4CD7-AC67-264E8E9968BD}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Videora Apple TV Converter 6 (HKLM\...\Videora Apple TV Converter) (Version: 6 - Red Kawa)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Widevine Media Optimizer Chrome 6.0.0 (HKCU\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Browser Services (HKLM\...\Yahoo! Extras) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\paul\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{defa762b-ebc6-4ce2-a48c-32b232aac64d}\InprocServer32 -> C:\Users\paul\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1266335906-3310993854-2177237475-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
28-08-2014 05:19:20 Scheduled Checkpoint
29-08-2014 06:10:25 Scheduled Checkpoint
30-08-2014 11:21:03 Scheduled Checkpoint
31-08-2014 18:51:30 Scheduled Checkpoint
02-09-2014 15:07:10 Windows Update
03-09-2014 15:54:24 Scheduled Checkpoint
04-09-2014 22:20:01 Scheduled Checkpoint
05-09-2014 20:56:03 Scheduled Checkpoint
05-09-2014 20:59:55 Windows Update
06-09-2014 17:05:55 Scheduled Checkpoint
08-09-2014 17:32:34 Scheduled Checkpoint
09-09-2014 21:55:35 Windows Update
10-09-2014 08:00:46 Windows Update
11-09-2014 06:19:47 Scheduled Checkpoint
12-09-2014 08:00:31 Windows Update
12-09-2014 22:01:48 Scheduled Checkpoint
16-09-2014 07:07:29 Windows Update
16-09-2014 23:20:26 Scheduled Checkpoint
17-09-2014 08:00:31 Windows Update
18-09-2014 18:13:51 Scheduled Checkpoint
19-09-2014 08:00:33 Windows Update
20-09-2014 08:00:25 Windows Update
21-09-2014 08:01:58 Windows Update
22-09-2014 01:15:34 Norton_Power_Eraser_20140921201534317
22-09-2014 01:57:11 Removed Java 7 Update 25
22-09-2014 08:00:31 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2014-09-22 09:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {015F9D2A-A82C-482D-9012-400F7339C7A9} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-31] (Google)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5845931F-F60F-4245-A50F-4A21D07C5E7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {6A52979C-1261-4FDE-9846-957B52D3D300} - \35811200 No Task File <==== ATTENTION
Task: {75A05597-46A5-4A31-94DD-7898AA3D4168} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1266335906-3310993854-2177237475-1002Core => C:\Users\paul\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)
Task: {7752A35E-A681-4028-AAAB-E311C3B53E2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {836317B4-9639-4CA2-A715-75D220DFBAFF} - System32\Tasks\Norton Security Scan for paul => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {84FAA406-BCA8-42C5-8CD1-568D178042B7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9988A60C-14CD-407D-B3DE-CEDA8062A98B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-15] (Adobe Systems Incorporated)
Task: {A94D0CB5-A051-48AD-8A83-2B9061921CB8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BA3DE1FD-8866-47B2-B3EC-D346071C2ED6} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {CB25AA95-C4DA-40A8-8A13-4F8CF79AF7D3} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (admin) => C:\Users\admin\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2009-01-16] (Leader Technologies/Seagate)
Task: {D5090516-134E-4728-A982-4FDE8DD4AE00} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\paul\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {D765A7FC-138F-42A4-93FE-2C9F476946DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1266335906-3310993854-2177237475-1002UA => C:\Users\paul\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)
Task: {E3176F41-842B-4473-A86D-A337BE14105C} - System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => C:\Users\admin\AppData\Local\Temp\b.exe <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266335906-3310993854-2177237475-1002Core.job => C:\Users\paul\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266335906-3310993854-2177237475-1002UA.job => C:\Users\paul\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for paul.job => C:\PROGRA~1\NORTON~2\Engine\410~1.28\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-12 15:34 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 15:34 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 15:34 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeActiveFileMonitor => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CCALib8 => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdate => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: PhotoshopElementsDeviceConnect => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: XAudioService => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PhraseExpress.lnk => C:\Windows\pss\PhraseExpress.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aim => "C:\Program Files\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\paul\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2014 08:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 9.1.168.192.in-addr.arpa. PTR PNewman.local.
 
Error: (09/22/2014 08:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.9:5353   17 9.1.168.192.in-addr.arpa. PTR PNewman-2.local.
 
Error: (09/22/2014 03:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4507072
 
Error: (09/22/2014 03:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4507072
 
Error: (09/22/2014 03:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/22/2014 03:03:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4491487
 
Error: (09/22/2014 03:03:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4491487
 
Error: (09/22/2014 03:03:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/22/2014 03:03:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4475887
 
Error: (09/22/2014 03:03:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4475887
 
 
System errors:
=============
Error: (09/22/2014 09:37:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/22/2014 09:37:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update
 
Error: (09/22/2014 09:34:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler
 
Error: (09/22/2014 09:33:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000PlugPlay
 
Error: (09/22/2014 09:31:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/22/2014 09:31:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: jgydert
 
Error: (09/22/2014 09:31:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NETGEARGenieDaemon%%1053
 
Error: (09/22/2014 09:31:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000NETGEARGenieDaemon
 
Error: (09/22/2014 09:28:21 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
 
Error: (09/22/2014 09:27:50 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
 
Microsoft Office Sessions:
=========================
Error: (05/25/2014 08:04:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 75 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (05/25/2014 08:02:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/25/2014 08:02:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 458 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (11/21/2013 05:26:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 191647 seconds with 2220 seconds of active time.  This session ended with a crash.
 
Error: (11/18/2013 00:54:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 95371 seconds with 1680 seconds of active time.  This session ended with a crash.
 
Error: (11/13/2013 01:58:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/13/2013 01:57:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 94 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (11/13/2013 01:56:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50894 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (09/20/2013 02:03:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 942771 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error: (06/05/2013 02:25:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 190 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-22 12:08:56.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 12:08:56.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 12:08:56.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 12:08:55.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 12:08:49.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 12:08:49.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 12:08:48.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 12:08:48.551
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 11:58:31.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-22 11:58:31.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 90%
Total physical RAM: 3060.45 MB
Available physical RAM: 298.12 MB
Total Pagefile: 6331.95 MB
Available Pagefile: 2129.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.47 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:121.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATAPART1) (Fixed) (Total:298.09 GB) (Free:154.53 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.22 GB) NTFS
Drive l: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:1416.8 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 40000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 927F00CA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:12:04 PM

Posted 22 September 2014 - 03:33 PM

Ok, now let's remove this malware:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 PaulNewman

  • Topic Starter
  • Members
  • 8 posts
  • Local time:05:04 AM

Posted 22 September 2014 - 04:45 PM

Ok, looks like the dllhost process is gone! THANK YOU!!! Not sure if there are more issues since there were also some sites popping up with MBAM notifications, like searchnet.blinkxcore.com. But in the meantime, it looks great. Can't thank you enough.

Is there anything else I should do?

Paul

----------------

Here's the Fixlog

=======================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-09-2014 01
Ran by paul at 2014-09-22 15:57:48 Run:1
Running from C:\Users\paul\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-1266335906-3310993854-2177237475-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=9u6EQGM5hu-XQpYS1hc9k14aoKM?q={searchTerms}
2014-09-16 03:49 - 2014-09-18 23:52 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Ywgayc
2014-09-16 03:46 - 2014-09-21 16:05 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-21 16:08 - 2014-09-21 16:43 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r
Task: {E3176F41-842B-4473-A86D-A337BE14105C} - System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => C:\Users\admin\AppData\Local\Temp\b.exe <==== ATTENTION
2014-09-18 23:51 - 2014-07-14 15:25 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Search Protection
Task: {D5090516-134E-4728-A982-4FDE8DD4AE00} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\paul\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {6A52979C-1261-4FDE-9846-957B52D3D300} - \35811200 No Task File <==== ATTENTION
EmptyTemp:
 
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-1266335906-3310993854-2177237475-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1266335906-3310993854-2177237475-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key deleted successfully.
"HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key not found.
C:\Users\paul\AppData\Roaming\Ywgayc => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\j9tbgsdger04r => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3176F41-842B-4473-A86D-A337BE14105C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3176F41-842B-4473-A86D-A337BE14105C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB65B0FB-5712-401b-B616-E69AC55E2757}" => Key deleted successfully.
C:\Users\paul\AppData\Roaming\Search Protection => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5090516-134E-4728-A982-4FDE8DD4AE00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5090516-134E-4728-A982-4FDE8DD4AE00}" => Key deleted successfully.
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A52979C-1261-4FDE-9846-957B52D3D300}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A52979C-1261-4FDE-9846-957B52D3D300}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\35811200" => Key deleted successfully.
EmptyTemp: => Removed 5.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Here's the FRST log
 
=========================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by paul (administrator) on PNEWMAN on 22-09-2014 16:35:21
Running from C:\Users\paul\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1266335906-3310993854-2177237475-1002\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-17] (Google Inc.)
HKU\S-1-5-21-1266335906-3310993854-2177237475-1002\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
AppInit_DLLs: c:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
AppInit_DLLs:  c:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {35E95AA2-9202-4912-A816-53421B9FDE8B} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {71443010-0A11-45FE-97CA-87509A0BCC68} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {DD66BDD5-5408-4FE9-B3D6-1CE040BAD800} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://blizzard.buckhill.com:22222/SysCamInst.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ukmeeting.webex.com/client/T26L/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-09-05] (SuperAdBlocker.com)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a6dfe304-571a-4153-89fb-51226c22a94b}: [NameServer] 10.39.48.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\paul\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox [2010-03-05]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-12-21]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2013-09-29]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-09-29]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-06]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR CustomProfile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (McAfee Security Scan+) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-28]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-12-22]
CHR Extension: (AdBlock) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-27]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2012-12-28]
CHR Extension: (Google Wallet) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-12-21]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-09] (SUPERAntiSpyware.com) [File not signed]
S4 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] () [File not signed]
S4 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95232 2012-12-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [189440 2014-03-23] (NETGEAR) [File not signed]
S4 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] () [File not signed]
S4 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]
S2 RoxLiveShare9; No ImagePath
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35560 2012-08-01] (AnchorFree Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [3200 2010-01-18] (Windows ® Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-09-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-12] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2011-09-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2012-01-04] (Windows ® Win 7 DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.) [File not signed]
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 jgydert; System32\drivers\kiadsqto.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pepifilter; system32\DRIVERS\lv302af.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 15:19 - 2014-09-22 15:20 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\paul\Downloads\tdsskiller (1).exe
2014-09-22 14:54 - 2014-09-22 14:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\paul\Downloads\tdsskiller.exe
2014-09-22 14:19 - 2014-09-22 14:45 - 00001438 _____ () C:\Users\paul\Desktop\Rkill.txt
2014-09-22 12:25 - 2014-09-22 12:25 - 00148143 _____ () C:\Users\paul\Downloads\Shortcut.txt
2014-09-22 12:10 - 2014-09-22 12:25 - 00052188 _____ () C:\Users\paul\Downloads\Addition.txt
2014-09-22 11:41 - 2014-09-22 16:35 - 00017749 _____ () C:\Users\paul\Downloads\FRST.txt
2014-09-22 11:11 - 2014-09-22 16:35 - 00000000 ____D () C:\FRST
2014-09-22 10:59 - 2014-09-22 11:00 - 01097728 _____ (Farbar) C:\Users\paul\Downloads\FRST.exe
2014-09-22 10:44 - 2014-09-22 10:44 - 00020261 _____ () C:\ComboFix.txt
2014-09-22 08:20 - 2014-09-22 08:22 - 00000000 ____D () C:\Users\paul\Desktop\DesktopPics
2014-09-21 22:05 - 2014-09-21 22:05 - 05578824 ____R (Swearware) C:\Users\paul\Downloads\ComboFix.exe
2014-09-21 22:05 - 2014-09-21 22:05 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\paul\Downloads\rkill.exe
2014-09-21 21:04 - 2014-09-21 21:06 - 00918440 _____ (Oracle Corporation) C:\Users\paul\Downloads\chromeinstall-7u67.exe
2014-09-21 17:57 - 2014-09-22 12:49 - 00000000 ____D () C:\NPE
2014-09-21 17:29 - 2014-09-21 17:31 - 03060320 ____N (Symantec Corporation) C:\Users\paul\Downloads\NPE (2).exe
2014-09-21 17:29 - 2014-09-21 17:30 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (7).exe
2014-09-21 17:29 - 2014-09-21 17:30 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (6).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 03060320 ____N (Symantec Corporation) C:\Users\paul\Downloads\NPE (1).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue.exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (5).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (4).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (3).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (2).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (1).exe
2014-09-21 17:15 - 2014-09-21 17:15 - 00083064 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR300.SYS
2014-09-21 17:15 - 2014-09-21 17:15 - 00000020 _____ () C:\Windows\system32\Drivers\SMR300.dat
2014-09-21 17:07 - 2014-09-21 17:29 - 20119464 _____ (White Sky, Inc.) C:\Users\paul\Downloads\constantguard.exe
2014-09-21 16:57 - 2014-09-21 16:57 - 00143208 _____ () C:\Windows\Minidump\Mini092114-01.dmp
2014-09-21 16:07 - 2014-09-21 16:08 - 30856384 _____ (Microsoft Corporation) C:\Users\paul\Downloads\Windows-KB890830-V5.16 (1).exe
2014-09-21 16:05 - 2014-09-21 16:13 - 30856384 _____ (Microsoft Corporation) C:\Users\paul\Downloads\Windows-KB890830-V5.16.exe
2014-09-18 23:06 - 2014-09-22 16:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-18 23:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 23:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 23:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 22:48 - 2014-09-18 22:49 - 00321848 _____ (Malwarebytes Corporation) C:\Users\paul\Downloads\mbam-clean-2.1.1.1001.exe
2014-09-18 22:31 - 2014-09-18 22:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\paul\Downloads\mbam-setup-2.0.2.1012.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 16:35 - 2014-09-22 11:41 - 00017749 _____ () C:\Users\paul\Downloads\FRST.txt
2014-09-22 16:35 - 2014-09-22 11:11 - 00000000 ____D () C:\FRST
2014-09-22 16:33 - 2010-02-11 04:22 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 16:32 - 2014-09-18 23:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 16:32 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 16:32 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 16:32 - 2006-11-02 07:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-22 16:31 - 2008-07-03 08:03 - 02839748 _____ () C:\Windows\PFRO.log
2014-09-22 16:31 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 16:30 - 2008-07-03 07:33 - 02091100 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 16:30 - 2006-11-02 08:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 16:28 - 2014-01-26 00:21 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266335906-3310993854-2177237475-1002UA.job
2014-09-22 16:21 - 2010-02-11 04:22 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 16:18 - 2012-05-17 15:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 15:20 - 2014-09-22 15:19 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\paul\Downloads\tdsskiller (1).exe
2014-09-22 14:55 - 2014-09-22 14:54 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\paul\Downloads\tdsskiller.exe
2014-09-22 14:45 - 2014-09-22 14:19 - 00001438 _____ () C:\Users\paul\Desktop\Rkill.txt
2014-09-22 14:30 - 2014-01-26 00:21 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266335906-3310993854-2177237475-1002Core.job
2014-09-22 14:11 - 2012-12-21 14:53 - 00000000 ____D () C:\Users\paul\AppData\Local\NPE
2014-09-22 13:41 - 2012-12-21 14:43 - 00000000 ____D () C:\Users\paul\AppData\Local\CrashDumps
2014-09-22 12:49 - 2014-09-21 17:57 - 00000000 ____D () C:\NPE
2014-09-22 12:25 - 2014-09-22 12:25 - 00148143 _____ () C:\Users\paul\Downloads\Shortcut.txt
2014-09-22 12:25 - 2014-09-22 12:10 - 00052188 _____ () C:\Users\paul\Downloads\Addition.txt
2014-09-22 11:55 - 2012-12-19 21:08 - 00000000 ____D () C:\Qoobox
2014-09-22 11:00 - 2014-09-22 10:59 - 01097728 _____ (Farbar) C:\Users\paul\Downloads\FRST.exe
2014-09-22 10:44 - 2014-09-22 10:44 - 00020261 _____ () C:\ComboFix.txt
2014-09-22 10:21 - 2011-02-26 11:59 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-22 09:36 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 09:28 - 2006-11-02 05:22 - 58982400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 43778048 _____ () C:\Windows\system32\config\COMPON~1.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 28573696 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-22 09:28 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-22 09:27 - 2012-12-19 21:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 08:22 - 2014-09-22 08:20 - 00000000 ____D () C:\Users\paul\Desktop\DesktopPics
2014-09-22 07:49 - 2009-05-23 18:16 - 00000000 ____D () C:\Users\Guest\Tracing
2014-09-21 22:05 - 2014-09-21 22:05 - 05578824 ____R (Swearware) C:\Users\paul\Downloads\ComboFix.exe
2014-09-21 22:05 - 2014-09-21 22:05 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\paul\Downloads\rkill.exe
2014-09-21 21:10 - 2008-07-03 07:48 - 00000000 ____D () C:\Program Files\Java
2014-09-21 21:06 - 2014-09-21 21:04 - 00918440 _____ (Oracle Corporation) C:\Users\paul\Downloads\chromeinstall-7u67.exe
2014-09-21 18:56 - 2009-08-02 01:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-21 18:31 - 2008-07-10 15:29 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2014-09-21 17:31 - 2014-09-21 17:29 - 03060320 ____N (Symantec Corporation) C:\Users\paul\Downloads\NPE (2).exe
2014-09-21 17:30 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (7).exe
2014-09-21 17:30 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (6).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 03060320 ____N (Symantec Corporation) C:\Users\paul\Downloads\NPE (1).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue.exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (5).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (4).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (3).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (2).exe
2014-09-21 17:29 - 2014-09-21 17:29 - 01525056 _____ (LogMeIn, Inc.) C:\Users\paul\Downloads\Support-LogMeInRescue (1).exe
2014-09-21 17:29 - 2014-09-21 17:07 - 20119464 _____ (White Sky, Inc.) C:\Users\paul\Downloads\constantguard.exe
2014-09-21 17:15 - 2014-09-21 17:15 - 00083064 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR300.SYS
2014-09-21 17:15 - 2014-09-21 17:15 - 00000020 _____ () C:\Windows\system32\Drivers\SMR300.dat
2014-09-21 16:57 - 2014-09-21 16:57 - 00143208 _____ () C:\Windows\Minidump\Mini092114-01.dmp
2014-09-21 16:57 - 2009-06-02 08:05 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 16:56 - 2009-06-02 08:04 - 467730398 _____ () C:\Windows\MEMORY.DMP
2014-09-21 16:13 - 2014-09-21 16:05 - 30856384 _____ (Microsoft Corporation) C:\Users\paul\Downloads\Windows-KB890830-V5.16.exe
2014-09-21 16:08 - 2014-09-21 16:07 - 30856384 _____ (Microsoft Corporation) C:\Users\paul\Downloads\Windows-KB890830-V5.16 (1).exe
2014-09-21 15:53 - 2013-07-02 17:33 - 00000000 ____D () C:\Users\paul\Documents\PhraseExpress
2014-09-21 15:50 - 2012-01-09 21:11 - 00000000 ____D () C:\Windows\pss
2014-09-21 15:40 - 2012-12-21 12:56 - 00000000 ____D () C:\Users\paul\AppData\Roaming\uTorrent
2014-09-21 15:40 - 2012-12-21 12:54 - 00000000 ____D () C:\Users\paul\AppData\Roaming\Dropbox
2014-09-21 13:49 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Provisioning
2014-09-21 13:48 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-09-20 20:46 - 2013-09-04 13:43 - 00000404 ____H () C:\Windows\Tasks\Norton Security Scan for paul.job
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 23:05 - 2014-09-18 23:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-18 22:49 - 2014-09-18 22:48 - 00321848 _____ (Malwarebytes Corporation) C:\Users\paul\Downloads\mbam-clean-2.1.1.1001.exe
2014-09-18 22:31 - 2014-09-18 22:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\paul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-18 19:45 - 2014-06-30 22:48 - 00000000 ____D () C:\Users\paul\AppData\Local\NETGEARGenie
2014-09-18 19:38 - 2013-08-26 13:17 - 00000000 ____D () C:\Users\Guest\Documents\PhraseExpress
2014-09-17 21:19 - 2011-09-14 20:12 - 00000000 ____D () C:\Users\Guest\Desktop\VALERIE DOCS
2014-09-15 17:31 - 2012-05-17 15:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-15 17:31 - 2011-07-07 09:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-13 22:24 - 2012-12-21 12:54 - 00000000 ____D () C:\Users\paul\AppData\Roaming\HpUpdate
2014-09-13 18:21 - 2006-11-02 05:33 - 00707520 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 18:20 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\twain_32
2014-09-13 18:20 - 2006-11-02 05:23 - 00000254 _____ () C:\Windows\win.ini
2014-09-08 18:40 - 2012-12-21 13:08 - 00000000 ____D () C:\Users\paul\Desktop\Random pics
2014-09-02 14:43 - 2012-12-21 14:43 - 00206848 _____ () C:\Users\paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-31 23:40 - 2012-12-21 12:54 - 00000000 ____D () C:\Users\paul\AppData\Roaming\HandBrake
2014-08-29 13:01 - 2006-11-02 05:24 - 98758480 ____N (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-25 06:53 - 2009-10-02 18:29 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-22 16:14
 
==================== End Of Log ============================
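FRST marks a service or driver whose image file no longer exists with `[X]` (the catchme, blbdrive and jgydert entries above, for instance) and prints `No ImagePath` when the registry value itself is gone. The same finding can be re-derived on the live machine from the Service Control Manager. The following PowerShell is an added example, not part of the original thread or of FRST; it assumes an elevated Windows PowerShell prompt on the affected machine and makes no changes. The path normalisation covers the forms visible in the log above: a kernel `\??\` prefix, a `\SystemRoot\` prefix, a path relative to %SystemRoot% such as `system32\DRIVERS\...`, a quoted image followed by arguments, and an unexpanded `%systemroot%`.

```powershell
# Added example (not part of the original thread or of FRST): list services and
# drivers whose image file is missing, i.e. what FRST flags with [X] / No ImagePath.
# Assumption: elevated Windows PowerShell 2.0+ on the affected machine; read-only.

function Resolve-ServiceImagePath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim()
    # Kernel-style prefixes that appear verbatim in the SCM database
    $p = $p -replace '^\\\?\?\\', ''                       # \??\C:\...  -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\" # \SystemRoot\... -> C:\Windows\...
    $p = [Environment]::ExpandEnvironmentVariables($p)      # "%systemroot%\..." -> C:\Windows\...
    if ($p.StartsWith('"')) {
        # "C:\Program Files\x\y.exe" -k args -> keep only the quoted image
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) } else { $p = $p.Trim('"') }
    } else {
        # unquoted image followed by arguments: cut at the first " -" or " /"
        $p = ($p -split '\s+(?=[-/])')[0]
    }
    # Relative paths like system32\DRIVERS\ipinip.sys are rooted at %SystemRoot%
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedServiceEntries {
    $entries = @()
    $entries += Get-WmiObject Win32_Service      | Select-Object Name, PathName, StartMode, @{n='Kind';e={'Service'}}
    $entries += Get-WmiObject Win32_SystemDriver | Select-Object Name, PathName, StartMode, @{n='Kind';e={'Driver'}}
    foreach ($e in $entries) {
        $img = Resolve-ServiceImagePath $e.PathName
        if (-not $img -or -not (Test-Path -LiteralPath $img)) {
            $shown = $img
            if (-not $shown) { $shown = '<no ImagePath>' }
            New-Object PSObject -Property @{
                Kind      = $e.Kind
                Name      = $e.Name
                StartMode = $e.StartMode   # Boot/System correspond to FRST's S0/S1
                Image     = $shown
            }
        }
    }
}

Get-OrphanedServiceEntries | Sort-Object StartMode, Kind | Format-Table Kind, Name, StartMode, Image -AutoSize
```

Most orphans are harmless leftovers of uninstalled tools (ComboFix's catchme, old Logitech drivers), but a Boot- or System-start driver pointing at a missing file with a random name deserves a second look before it is written off, because vendors do not name drivers that way. The check tests only the host image, so a svchost-hosted service whose ServiceDll is missing is not flagged here; FRST lists ServiceDll values separately for that reason.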


#6 aharonov (Malware Response Team)

Posted 22 September 2014 - 07:25 PM

Hello Paul,

Yes, there were several different malware types running on your system.

There were also some sites popping up with MBAM notifications.

How is the situation right now? Are there any notifications from MBAM? Or other symptoms or problems that you experience?

Let's do a check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 PaulNewman (Topic Starter)

Posted 26 September 2014 - 12:05 AM

So sorry I haven't replied. I've been out of town for work, and away from this computer. I will run the additional tests now.



#8 PaulNewman (Topic Starter)

Posted 26 September 2014 - 09:01 AM

OK, here's the ESET log. Unfortunately, it seems that there are still things being detected. Also, sorry, but I didn't see an option for advanced settings. I will try again.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=24dbd008cfc0f54aa3950bc516228707
# engine=20307
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-26 06:55:04
# local_time=2014-09-26 01:55:04 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 0 248322032 0 0
# scanned=335305
# found=35
# cleaned=35
# scan_time=6220
sh=E607FD22427C69F5B3499522C5E9CE200C2BCC69 ft=1 fh=0c534d073672cad7 vn="a variant of Win32/Injector.BMFW trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\Windows Genuine Advantage\{9A936BE1-7268-4A6E-9A25-54DA32DAAFAA}\msiexec.exe"
sh=B3B4B8E4AAD756C69EC4E487C3D06684FAD23DBE ft=1 fh=6f1cf8b75ad66fc3 vn="Win32/TrojanDownloader.Blocrypt.F trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\Windows Genuine Advantage\{B4597117-F9AB-43EB-948B-E4002460E221}\msiexec.exe"
sh=D348D21093FC7686D610A25FFF82345193D3FC35 ft=1 fh=c71c00111b15a8be vn="a variant of Win32/InstallCore.PO potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\paul\Downloads\FileZilla_3.8.1_win32-setup.exe"
sh=7C73153A4687243C55E8CF1EC52B676915CB6196 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)" ac=C fn="D:\Downloads\Miley Cyrus - See You Again   [MTV Mobile TOP 100 Ringtone].mp3"
sh=2640D3BE15B501BA3D7FBCB786E3FBCF03A80E93 ft=1 fh=694e21a4bf78d7c5 vn="a variant of Win32/1AntiVirus potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Gridinsoft Trojan Killer 2105 setup and patch\trojankiller2105-setup.exe"
sh=E3F9B84C0A9B601CE942896C9E33067821B891C6 ft=1 fh=c71c0011df74d752 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64bar.dll"
sh=FE1B38EE774C1A8545D32D134D43F5963F4AFEF2 ft=1 fh=5dfb98bbf91e08ca vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64brstub.dll"
sh=193395F91647DBC2FB5476EFE9EC87CB9DB86AA1 ft=1 fh=7899feb856428cc2 vn="a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64datact.dll"
sh=8D311EB2C1072191C5A5E88A85F63628A94A9E10 ft=1 fh=d2d143813830fc81 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64dlghk.dll"
sh=A7910FB47E81453E77119A4543F0CF1024F01FBD ft=1 fh=bce2cd85986f5470 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64dyn.dll"
sh=A5AB4FD80397FA79E5056483B2C2B0DD8F25646D ft=1 fh=b4c837b2ddde41ec vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64feedmg.dll"
sh=73044E6DB3772C6BB337CB45971095E44E06CEA8 ft=1 fh=7c668865de08d5a2 vn="a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64html.dll"
sh=2DB81DE0DF9443EB480C03B2F8500EAB0C8DEBC3 ft=1 fh=89c6ed514b17fcbe vn="a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64htmlmu.dll"
sh=EF39C12407C9E068CE5D5909AE370D14E8F63923 ft=1 fh=fea565580575526c vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64httpct.dll"
sh=080CBC6A092E1F44077B2FCD20D0BE4AF648816D ft=1 fh=452ab24b5d65ab34 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64mlbtn.dll"
sh=CFCAFF4E72D41B2EA5CD9B2658A8CA1A2F8A228D ft=1 fh=7420dc07d818dd52 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64msg.dll"
sh=22AD16C6B1F7B3F692A7FE1607813601720706A3 ft=1 fh=7c95d38b9b2d0258 vn="a variant of Win32/Toolbar.MyWebSearch potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64Plugin.dll"
sh=24BF7E560F06DAD87BFC099D93057750A7368C25 ft=1 fh=3c0a16efd741b452 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64radio.dll"
sh=7C555DE7565FAD6632BAEF176163A9D3D777BEB8 ft=1 fh=26b152655c41ae40 vn="Win32/Toolbar.MyWebSearch potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64regfft.dll"
sh=C05FD92DEA13717F2F8ED91B918D3547DC0DD854 ft=1 fh=a9c629d89db5dffb vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64regiet.dll"
sh=A283D926756068C47168279EF8597BD4559B7C83 ft=1 fh=d320abe94040a011 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64script.dll"
sh=8D23F6B53BBD45D39F838ADE1BD1D49BD05E87E3 ft=1 fh=0c602ec5029dc075 vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64skin.dll"
sh=7768254E16C5AA1A1551B8DA019817A637173858 ft=1 fh=f127a626ec190d2c vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64SrcAs.dll"
sh=A21FD96E8F15C3BBCE707383E1287CA9444498A1 ft=1 fh=67d8b3e59be0aad6 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64tpinst.dll"
sh=A1E642251E5CC24DAA905F32BF77586619B10732 ft=1 fh=befda7a3b360ef0a vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\64uabtn.dll"
sh=5A4822FA6E0AB7DDDBD73FA7E71730DF073F5C83 ft=1 fh=3a2d2c0f03ee985b vn="a variant of Win32/Toolbar.MyWebSearch.AH potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\NP64Stub.dll"
sh=D4ACF772006DE18E13AE46D866C9575C9C2857EC ft=1 fh=c3a01566e00d55c9 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\T8FFTBPR.DLL"
sh=0816A6B785593AD94ACEBBD3DE9D4B6F24A2B758 ft=1 fh=6a882e460f89d45a vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\Program Files\TelevisionFanatic\bar\2.bin\T8PATCH.DLL"
sh=2A587C6727FC52927048DCFA5F1B85F81D0BA2FB ft=1 fh=bf66be21eeec59c3 vn="Win32/Toolbar.Inbox.A potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP544\A0183333.exe"
sh=FC45F56ADF83D11ED25D9B5E371F0FE700BEC753 ft=1 fh=21ac80aa7cbeca19 vn="a variant of Win32/AdInstaller potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP557\A0186447.exe"
sh=FC45F56ADF83D11ED25D9B5E371F0FE700BEC753 ft=1 fh=21ac80aa7cbeca19 vn="a variant of Win32/AdInstaller potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP559\A0186954.exe"
sh=332D78756043CFB17874341A23FC9A6B88D545A4 ft=1 fh=543a155b6f572aec vn="a variant of Win32/AdInstaller potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP559\A0186955.exe"
sh=31E5ABA1C29637E95599B0ACA421011D87033C56 ft=1 fh=38267bd7da0862a2 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP559\A0186973.DLL"
sh=7F205F31D238E4D5B94F91D251BD1BF9B618A80E ft=1 fh=f8d34b347d1f3f00 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP559\A0186974.DLL"
sh=332D78756043CFB17874341A23FC9A6B88D545A4 ft=1 fh=543a155b6f572aec vn="a variant of Win32/AdInstaller potentially unwanted application (deleted - quarantined)" ac=C fn="L:\Mai's Backup\ACER\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP562\A0187034.exe"


#9 aharonov (Malware Response Team)

Posted 26 September 2014 - 09:32 AM

These found threats are irrelevant as they are not active malware. Just some stuff that is already quarantined and some adware in an old backup.
How is your computer running now? Is everything ok?

#10 PaulNewman (Topic Starter)

Posted 26 September 2014 - 09:35 AM

Oh, OK. Great. I saw the trojan file and didn't notice it was quarantined. It's definitely much better now, though I still see 6 Chrome processes running even though this is the only window I have open. Is that an issue?

 

and THANK YOU!



#11 aharonov (Malware Response Team)

Posted 26 September 2014 - 09:44 AM

I still see 6 Chrome processes running even though this is the only window

Chrome uses multiple instances to run (e.g. every tab that is opened uses its own process); this is not unusual behaviour.
Are there also chrome.exe processes running when you have no browser window open?
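The check asked for above (is any chrome.exe left once the browser is closed?) is easy to do by eye in Task Manager. The dllhost.exe flood that opened this thread is harder, because every instance shows the same image name and Task Manager does not show which COM class each surrogate is hosting or what started it. The following PowerShell is an added example, not part of the original thread or of any tool used in it; it assumes an elevated Windows PowerShell prompt (it uses Get-WmiObject, which PowerShell 7 replaces with Get-CimInstance) and only reports, changing nothing.

```powershell
# Added example (not from the original thread): for every dllhost.exe / COM Surrogate,
# show the CLSID it was started for, the DLL registered for that CLSID, the parent
# process, and the Authenticode status of that DLL.
# Assumption: elevated Windows PowerShell 2.0+ on the affected machine; read-only.

function Get-ComSurrogateInfo {
    # Win32_Process rather than Get-Process: it exposes CommandLine and ParentProcessId
    $parents = @{}
    foreach ($p in Get-WmiObject Win32_Process) { $parents[$p.ProcessId] = $p.Name }

    foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'") {
        $clsid = $null; $server = $null; $signed = 'n/a'
        # A surrogate is launched as: DllHost.exe /Processid:{CLSID}
        if ($p.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})') { $clsid = $Matches[1] }
        if ($clsid) {
            # The DLL the surrogate loads is registered under HKCR\CLSID\{...}\InprocServer32
            $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            if (Test-Path $key) {
                $server = (Get-ItemProperty $key).'(default)'
                if ($server -and (Test-Path -LiteralPath $server)) {
                    $signed = (Get-AuthenticodeSignature -FilePath $server).Status
                }
            }
        }
        $parentName = $parents[$p.ParentProcessId]
        if (-not $parentName) { $parentName = '<exited>' }
        New-Object PSObject -Property @{
            PID    = $p.ProcessId
            Parent = "$parentName ($($p.ParentProcessId))"
            Image  = $p.ExecutablePath
            CLSID  = $clsid
            Server = $server
            Signed = $signed
        }
    }
}

Get-ComSurrogateInfo | Sort-Object Server | Format-Table PID, Parent, Image, CLSID, Server, Signed -AutoSize
```

Read the Server column first: dozens of surrogates all hosting one CLSID whose InprocServer32 points at a DLL under a user-writable location such as ProgramData or AppData, with a Signed value other than Valid, is what to look at; a handful of instances hosting Microsoft thumbnail or preview handlers from system32 is ordinary Explorer behaviour. On Windows Vista and 7, Get-AuthenticodeSignature reports NotSigned for Microsoft's own catalog-signed system DLLs (newer Windows versions also check catalog signatures), so treat NotSigned on a system32 DLL there as inconclusive rather than as a finding.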

#12 PaulNewman

PaulNewman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:04 AM

Posted 26 September 2014 - 11:14 AM

It doesn't look like there are any processes running when I quit Chrome. I'm just paranoid now! Did my logs give any indication of where the malware was from, or which user was logged on? I stream a lot of sports games through dubious websites with .ru domains, and I try to keep myself covered with AdBlocker, but there are lots of scary pop-ups that make it through.


I'm running the ESET scan again. Should I delete the quarantined files?


thanks again 



#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 PM

Posted 26 September 2014 - 03:31 PM

It doesn't look like there are any processes running when I quit Chrome. I'm just paranoid now!

Then it's ok, no need to get paranoid. :)

I cannot tell where it came from. But sports streaming sites from Eastern Europe are dangerous for sure.
If you don't want to stop using them, I'd recommend visiting those sites in a virtual machine only.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Edited by aharonov, 26 September 2014 - 03:31 PM.


#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 PM

Posted 29 September 2014 - 09:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



