MBAM Found & Quarantined Spyware.Zbot.VXGen (file GwHH.exe)



#1 Mojo Risin'


Posted 22 October 2014 - 09:14 AM

Greetings good folks at Bleeping Computer. This issue only surfaced several days ago. During a routine scan MBAM Premium prompted that it detected a threat, however it did not list the threat found and was locked. It offered a "Fix Now" command button but was non-responsive when I clicked on it. After several attempts to get it to respond, I manually shut the PC down. When I started it back up I tried to perform another MBAM scan several times and each time it would lock up shortly after it started. I uninstalled/reinstalled MBAM and it was back to performing as normal. When I ran a scan it did not detect any threats or malware. Three days ago a scheduled overnight scan detected the following threat: Spyware.Zbot.VXGen located at: C:\Program Files (x86)\SmarThru 4\GwHH.exe. (SmarThru 4 is a program for my Samsung All-In-One laser printer.) I elected to quarantine it and it no longer resides in my Program Files. I found nothing suspicious in my Startup folder or in MSCONFIG. I did find the file name still located in two places in my Registry with the paths, Value Name and Data as:

Computer\System\ControlSet001\Control\Session Manager

Value Name = PendingFileRenameOperations

Data = \??\C:\Program Files (x86)\SmarThru 4\GwHH.exe

And

Computer\HKEY_Local_Machine\System\CurrentControlSet\Control\Session Manager

Value Name = PendingFileRenameOperations

Data = \??\C:\Program Files (x86)\SmarThru 4\GwHH.exe

 

(I decided to hold off deleting the Registry Data Values until I touched base with you folks for advice.)

 

Overall, the system pretty much seems OK operational wise, however I'm not comfortable with it realizing that this Trojan can lead to ashes and tears. For some time, Firefox and my email app lag a little at times to connect to the IP Internet server. However, I attributed it to the IP server. Now, I'm not sure. I saw a bunch of removal tools online, which I don't trust. I prefer to work with trusted, bona fide experts. For the record, I am staying out of my network as much as I can and am only using it to update W7 and my Security apps (ESET, MBAM, SpywareBlaster, HOSTS Manager, KeyScrambler) and work with you good people. Below is my DDS Screen log and the attachment.zip file. Thanks in advance for your help.

 

Regards,

Mojo

 

**********************************************************

**********************************************************


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16584  BrowserJavaVersion: 10.67.2

Run by Dad at 19:05:13 on 2014-10-21

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7863.4267 [GMT -4:00]

.

AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\SpeedFan\speedfan.exe

C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Samsung\Samsung CLX-3170 Series\Install\Application\SPANEL\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\Samsung\Samsung CLX-3170 Series\Install\Application\SPANEL\PanelMgr\caller64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\StudioLine Photo Basic\NMSAccess32.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>

BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

uRun: [TVPlanet] <no file>

mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Samsung PanelMgr] C:\Program Files (x86)\Samsung\Samsung CLX-3170 Series\Install\Application\SPANEL\PanelMgr\SSMMgr.exe /autorun

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a

mRun: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"

dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

StartupFolder: C:\Users\Dad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

StartupFolder: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.BackupManager\BackupManager.list

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\SetPoint\SetPoint.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Converter 8\cnvres_eng.dll /100

IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{5B06C18E-015F-42E8-9FBF-180274B89ED6} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{5B06C18E-015F-42E8-9FBF-180274B89ED6}\14454553B473D6935333 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{5B06C18E-015F-42E8-9FBF-180274B89ED6}\2375942554131373 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{5B06C18E-015F-42E8-9FBF-180274B89ED6}\2456C6B696E6F5E4F575962756C6563737F5542364030333 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{5B06C18E-015F-42E8-9FBF-180274B89ED6}\2516D6164616532676 : DHCPNameServer = 67.23.145.10 67.23.145.11 67.23.145.12

TCP: Interfaces\{5B06C18E-015F-42E8-9FBF-180274B89ED6}\2716D61646161303 : DHCPNameServer = 8.8.8.8 208.67.222.222

TCP: Interfaces\{5B06C18E-015F-42E8-9FBF-180274B89ED6}\2716D61646161313 : DHCPNameServer = 8.8.8.8 208.67.222.222

TCP: Interfaces\{5B06C18E-015F-42E8-9FBF-180274B89ED6}\B4E696768647370294E6E6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EB112CCF-0FE6-4CBF-A8E5-30033E1DEC24} : DHCPNameServer = 192.168.1.254

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>

SSODL: WebCheck - <orphaned>

LSA: Authentication Packages =  msv1_0 relog_ap

x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>

x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll

x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 0.0.0.0 fr.a2dfp.net

Hosts: 0.0.0.0 m.fr.a2dfp.net

Hosts: 0.0.0.0 mfr.a2dfp.net

Hosts: 0.0.0.0 ad.a8.net

Hosts: 0.0.0.0 asy.a8ww.net

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Dad\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll

FF - plugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll

FF - plugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]

R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-2-22 325200]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-24 865824]

R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-15 13336]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-14 1871160]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-14 968504]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2013-12-11 517632]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-1-6 255744]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-9-23 144632]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2007-10-22 11576]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-15 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-15 240160]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-15 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-3-15 158848]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-3-15 271872]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]

R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2010-8-27 222200]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-14 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-14 129752]

R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-14 63704]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-9-23 50424]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-15 239136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-26 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-27 1255736]

S4 Application Updater;Application Updater;"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" --> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [?]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]

FileExt: .vbe: VBEFile=C:\Windows\SysWow64\CScript.exe "%1" %*

FileExt: .vbs: VBSFile=C:\Windows\SysWow64\CScript.exe "%1" %*

FileExt: .js: JSFile=C:\Windows\SysWow64\CScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*

FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2014-10-20 10:44:35            79064            ----a-w-            C:\Windows\System32\drivers\btibv.sys

2014-10-17 15:03:39            11578928        ----a-w-            C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9854E6C-0933-43C1-BE63-FC0AB533A5FF}\mpengine.dll

2014-10-15 15:20:16            3198976          ----a-w-            C:\Windows\System32\win32k.sys

2014-10-14 13:24:40            129752            ----a-w-            C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-10-14 13:24:15            93400            ----a-w-            C:\Windows\System32\drivers\mbamchameleon.sys

2014-10-14 13:24:15            63704            ----a-w-            C:\Windows\System32\drivers\mwac.sys

2014-10-14 13:24:14            --------            d-----w-            C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-14 13:21:54            38224            ----a-w-            C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2014-10-14 13:21:50            25816            ----a-w-            C:\Windows\System32\drivers\mbam.sys

2014-10-14 13:21:49            --------            d-----w-            C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-10-05 10:49:52            519680            ----a-w-            C:\Windows\SysWow64\qdvd.dll

2014-10-05 10:49:52            371712            ----a-w-            C:\Windows\System32\qdvd.dll

2014-09-30 14:41:41            2048            ----a-w-            C:\Windows\SysWow64\tzres.dll

2014-09-30 14:41:41            2048            ----a-w-            C:\Windows\System32\tzres.dll

.

==================== Find3M  ====================

.

2014-09-23 21:21:20            71344            ----a-w-            C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-23 21:21:20            701104            ----a-w-            C:\Windows\SysWow64\FlashPlayerApp.exe

2014-09-19 23:55:48            2339328          ----a-w-            C:\Windows\System32\jscript9.dll

2014-09-19 23:49:43            1392128          ----a-w-            C:\Windows\System32\wininet.dll

2014-09-19 23:48:28            1494016          ----a-w-            C:\Windows\System32\inetcpl.cpl

2014-09-19 23:47:21            173056            ----a-w-            C:\Windows\System32\ieUnatt.exe

2014-09-19 23:47:14            599040            ----a-w-            C:\Windows\System32\vbscript.dll

2014-09-19 23:46:03            2382848          ----a-w-            C:\Windows\System32\mshtml.tlb

2014-09-19 23:45:52            12800            ----a-w-            C:\Windows\System32\mshta.exe

2014-09-19 22:44:32            1810432          ----a-w-            C:\Windows\SysWow64\jscript9.dll

2014-09-19 22:38:15            1129472          ----a-w-            C:\Windows\SysWow64\wininet.dll

2014-09-19 22:37:34            1427968          ----a-w-            C:\Windows\SysWow64\inetcpl.cpl

2014-09-19 22:36:04            142848            ----a-w-            C:\Windows\SysWow64\ieUnatt.exe

2014-09-19 22:35:46            421376            ----a-w-            C:\Windows\SysWow64\vbscript.dll

2014-09-19 22:34:25            2382848          ----a-w-            C:\Windows\SysWow64\mshtml.tlb

2014-09-19 22:34:22            11776            ----a-w-            C:\Windows\SysWow64\mshta.exe

2014-09-18 02:00:42            3241472          ----a-w-            C:\Windows\System32\msi.dll

2014-09-18 01:32:52            2363904          ----a-w-            C:\Windows\SysWow64\msi.dll

2014-09-15 13:06:02            278152            ------w-            C:\Windows\System32\MpSigStub.exe

2014-09-13 01:58:18            77312            ----a-w-            C:\Windows\System32\packager.dll

2014-09-13 01:40:05            67072            ----a-w-            C:\Windows\SysWow64\packager.dll

2014-09-04 05:23:20            424448            ----a-w-            C:\Windows\System32\rastls.dll

2014-09-04 05:04:15            372736            ----a-w-            C:\Windows\SysWow64\rastls.dll

2014-08-29 02:07:13            44032            ----a-w-            C:\Windows\System32\tsgqec.dll

2014-08-29 02:07:13            3179520          ----a-w-            C:\Windows\System32\rdpcorets.dll

2014-08-29 02:07:12            5780480          ----a-w-            C:\Windows\System32\mstscax.dll

2014-08-29 02:07:10            322560            ----a-w-            C:\Windows\System32\aaclient.dll

2014-08-29 02:06:47            1125888          ----a-w-            C:\Windows\System32\mstsc.exe

2014-08-29 01:44:52            37376            ----a-w-            C:\Windows\SysWow64\tsgqec.dll

2014-08-29 01:44:51            4922368          ----a-w-            C:\Windows\SysWow64\mstscax.dll

2014-08-29 01:44:49            269312            ----a-w-            C:\Windows\SysWow64\aaclient.dll

2014-08-29 01:44:19            1050112          ----a-w-            C:\Windows\SysWow64\mstsc.exe

2014-08-23 02:07:00            404480            ----a-w-            C:\Windows\System32\gdi32.dll

2014-08-23 01:45:55            311808            ----a-w-            C:\Windows\SysWow64\gdi32.dll

2014-08-19 03:11:28            693176            ----a-w-            C:\Windows\System32\winload.efi

2014-08-19 03:10:10            616352            ----a-w-            C:\Windows\System32\winresume.efi

2014-08-19 03:08:04            503808            ----a-w-            C:\Windows\System32\srcore.dll

2014-08-19 03:08:04            50176            ----a-w-            C:\Windows\System32\srclient.dll

2014-08-19 03:08:03            63488            ----a-w-            C:\Windows\System32\setbcdlocale.dll

2014-08-19 03:07:51            58880            ----a-w-            C:\Windows\System32\appidapi.dll

2014-08-19 03:07:51            32256            ----a-w-            C:\Windows\System32\appidsvc.dll

2014-08-19 03:07:33            296960            ----a-w-            C:\Windows\System32\rstrui.exe

2014-08-19 03:07:11            17920            ----a-w-            C:\Windows\System32\appidcertstorecheck.exe

2014-08-19 03:07:11            146944            ----a-w-            C:\Windows\System32\appidpolicyconverter.exe

2014-08-19 02:41:39            43008            ----a-w-            C:\Windows\SysWow64\srclient.dll

2014-08-19 02:41:22            50688            ----a-w-            C:\Windows\SysWow64\appidapi.dll

2014-08-19 02:06:56            61440            ----a-w-            C:\Windows\System32\drivers\appid.sys

2014-08-10 13:15:40            111016            ----a-w-            C:\Windows\System32\WindowsAccessBridge-64.dll

2014-08-10 13:12:50            98216            ----a-w-            C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-08-01 11:53:22            1031168          ----a-w-            C:\Windows\System32\TSWorkspace.dll

2014-08-01 11:35:06            793600            ----a-w-            C:\Windows\SysWow64\TSWorkspace.dll

2014-07-25 06:35:46            875688            ----a-w-            C:\Windows\SysWow64\msvcr120_clr0400.dll

2014-07-25 03:47:06            869544            ----a-w-            C:\Windows\System32\msvcr120_clr0400.dll

.

============= FINISH: 19:05:49.79 ===============
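The `PendingFileRenameOperations` value quoted in post #1 is a list of file operations that Windows carries out at the next boot. As an added example (not part of the original thread), this Python code decodes the raw REG_MULTI_SZ bytes of such a value; the sample bytes are constructed from the path in the post plus a hypothetical `C:\Temp` rename entry.

```python
# Added example: decode a PendingFileRenameOperations value (REG_MULTI_SZ).
# The Session Manager processes the entries early in the next boot.
# Entries come in (source, destination) pairs:
#   empty destination      -> the source file is deleted
#   destination with "!"   -> rename, replacing the destination if it exists
# Input is the raw UTF-16LE value data, e.g. taken from an offline hive.

NT_PREFIX = "\\??\\"  # NT object-manager prefix in front of each path


def strip_nt_prefix(path):
    """Return the path without the leading \\??\\ prefix, if present."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def split_multi_sz(raw):
    """Split raw REG_MULTI_SZ bytes into strings, keeping empty strings.

    Empty strings are significant here (they mark a delete), so only the
    final string terminator and the list terminator are dropped.
    """
    parts = raw.decode("utf-16-le").split("\x00")
    for _ in range(2):
        if parts and parts[-1] == "":
            parts.pop()
    return parts


def parse_pending_renames(raw):
    """Return the queued operations as a list of dicts, in queue order."""
    parts = split_multi_sz(raw)
    if len(parts) % 2:
        # A trailing source whose empty destination was consumed as the
        # list terminator: treat it as a delete.
        parts.append("")
    ops = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        if not src:
            continue
        replace = dst.startswith("!")
        if replace:
            dst = dst[1:]
        ops.append({
            "action": "rename" if dst else "delete",
            "source": strip_nt_prefix(src),
            "destination": strip_nt_prefix(dst) or None,
            "replace_existing": replace,
        })
    return ops


def summarize(ops):
    """One human-readable line per queued operation."""
    lines = []
    for op in ops:
        if op["action"] == "delete":
            lines.append("delete at next boot: " + op["source"])
        else:
            how = " (replace existing)" if op["replace_existing"] else ""
            lines.append("rename at next boot: %s -> %s%s"
                         % (op["source"], op["destination"], how))
    return lines


def encode_multi_sz(strings):
    """Build raw REG_MULTI_SZ bytes from a list of strings (for the sample)."""
    return ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")


# Constructed sample. The first pair uses the path quoted in post #1 with an
# empty destination; the second pair is a hypothetical rename entry.
SAMPLE = encode_multi_sz([
    "\\??\\C:\\Program Files (x86)\\SmarThru 4\\GwHH.exe", "",
    "\\??\\C:\\Temp\\example_new.dll", "!\\??\\C:\\Temp\\example.dll",
])

if __name__ == "__main__":
    for line in summarize(parse_pending_renames(SAMPLE)):
        print(line)
```

Entries are queued by `MoveFileEx` with `MOVEFILE_DELAY_UNTIL_REBOOT`. `CurrentControlSet` is a link to the active `ControlSetNNN` key, so one value is visible under both registry paths.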


#2 nasdaq


Posted 27 October 2014 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 Mojo Risin'


Posted 27 October 2014 - 11:08 AM

Hello nasdaq, you helped me in the past rid a friend's PC of an Olmarik Trojan. Always a pleasure to work with you.

Below are the pasted logs and the attachment as you requested. As far as PC performance goes it lags a little at times and the on board video seems slow to respond every now and then. In the beginning memory usage with no running apps was close to a constant 40% of the 8GB DDR3 then a day later it dropped to a constant 33% and now appears to be running at a normal 25% or less with a couple apps running. Connected to the Internet it did lock up a couple times where I had to manually shut it down. Several follow-up scans with MBAM & ESET have not found any threats or infected objects since MBAM quarantined GwHH.exe and the previous locations where the Registry listed it in my first post no longer exist, and a new total search of the Registry found nothing whatsoever listed concerning the file or the Trojan name or any part thereof. Basically the PC's not crippled but it doesn't appear to be 100% either at this time. Thanks for what you do and your expertise.

 

Regards,

Mojo

 

**********************************************

 

 

# AdwCleaner v4.002 - Report created 27/10/2014 at 11:08:49

# Updated 27/10/2014 by Xplode

# Database :

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Dad - NEWACERLAPTOP

# Running from : C:\Users\Dad\Desktop\adwcleaner_4.002.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16584

 

 

-\\ Mozilla Firefox v33.0 (x86 en-US)

 

[3w34fiyj.default] - Line Found : # Mozilla User Preferences

[3w34fiyj.default] - Line Found :

[3w34fiyj.default] - Line Found : /* Do not edit this file.

[3w34fiyj.default] - Line Found :  *

[3w34fiyj.default] - Line Found :  * If you make changes to this file while the application is running,

[3w34fiyj.default] - Line Found :  * the changes will be overwritten when the application exits.

[3w34fiyj.default] - Line Found :  *

[3w34fiyj.default] - Line Found :  * To make a manual change to preferences, you can visit the URL about:config

[3w34fiyj.default] - Line Found :  * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

[3w34fiyj.default] - Line Found :  */

[3w34fiyj.default] - Line Found :

[3w34fiyj.default] - Line Found : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1283784046);

[3w34fiyj.default] - Line Found : user_pref("app.update.lastUpdateTime.background-update-timer", 1283783637);

[3w34fiyj.default] - Line Found : user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1283783951);

[3w34fiyj.default] - Line Found : user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1283350645);

[3w34fiyj.default] - Line Found : user_pref("app.update.lastUpdateTime.places-maintenance-timer", 1283783553);

[3w34fiyj.default] - Line Found : user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1283783678);

[3w34fiyj.default] - Line Found : user_pref("browser.download.dir", "C:\\Al\\Downloads");

[3w34fiyj.default] - Line Found : user_pref("browser.download.folderList", 2);

[3w34fiyj.default] - Line Found : user_pref("browser.history_expire_days.mirror", 180);

[3w34fiyj.default] - Line Found : user_pref("browser.migration.version", 1);

[3w34fiyj.default] - Line Found : user_pref("browser.places.importBookmarksHTML", false);

[3w34fiyj.default] - Line Found : user_pref("browser.places.smartBookmarksVersion", 2);

[3w34fiyj.default] - Line Found : user_pref("browser.rights.3.shown", true);

[3w34fiyj.default] - Line Found : user_pref("browser.search.selectedEngine", "Ixquick");

[3w34fiyj.default] - Line Found : user_pref("browser.search.suggest.enabled", false);

[3w34fiyj.default] - Line Found : user_pref("browser.search.useDBForOrder", true);

[3w34fiyj.default] - Line Found : user_pref("browser.startup.homepage_override.mstone", "rv:1.9.2.8");

[3w34fiyj.default] - Line Found : user_pref("browser.startup.page", 0);

[3w34fiyj.default] - Line Found : user_pref("coral.ietab.mode", "classic");

[3w34fiyj.default] - Line Found : user_pref("coral.ietab.version", "1.92.20100607");

[3w34fiyj.default] - Line Found : user_pref("extensions.adblockplus.currentVersion", "1.2.2");

[3w34fiyj.default] - Line Found : user_pref("extensions.clrtabs.firstrun", "4.6.3");

[3w34fiyj.default] - Line Found : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,keyscrambler@qfx.software.corporation:2.7.0.0,ietab@ip.cn:1.92.20100607,{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5[...]

[3w34fiyj.default] - Line Found : user_pref("extensions.lastAppVersion", "3.6.8");

[3w34fiyj.default] - Line Found : user_pref("extensions.update.notifyUser", false);

[3w34fiyj.default] - Line Found : user_pref("idle.lastDailyNotification", 1283350024);

[3w34fiyj.default] - Line Found : user_pref("ieview.always", "");

[3w34fiyj.default] - Line Found : user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8");

[3w34fiyj.default] - Line Found : user_pref("network.cookie.cookieBehavior", 1);

[3w34fiyj.default] - Line Found : user_pref("network.cookie.prefsMigrated", true);

[3w34fiyj.default] - Line Found : user_pref("places.last_vacuum", 1283350024);

[3w34fiyj.default] - Line Found : user_pref("pref.privacy.disable_button.view_cookies", false);

[3w34fiyj.default] - Line Found : user_pref("privacy.sanitize.migrateFx3Prefs", true);

[3w34fiyj.default] - Line Found : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1285941374);

[.BackupManager] - Line Found : user_pref("browser.keywordURLPromptDeclined", 1);

[.BackupManager] - Line Found : user_pref("browser.search.defaultenginename", "Yahoo");

[.BackupManager] - Line Found : user_pref("browser.search.selectedEngine", "Yahoo");

[.BackupManager] - Line Found : user_pref("keyword.URL", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");

[.BackupManager] - Line Found : user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&ilc=12&type=937811");

[h0i7zygq.default] - Line Found : # Mozilla User Preferences

[h0i7zygq.default] - Line Found :

[h0i7zygq.default] - Line Found : /* Do not edit this file.

[h0i7zygq.default] - Line Found :  *

[h0i7zygq.default] - Line Found :  * If you make changes to this file while the application is running,

[h0i7zygq.default] - Line Found :  * the changes will be overwritten when the application exits.

[h0i7zygq.default] - Line Found :  *

[h0i7zygq.default] - Line Found :  * To make a manual change to preferences, you can visit the URL about:config

[h0i7zygq.default] - Line Found :  */

[h0i7zygq.default] - Line Found :

[h0i7zygq.default] - Line Found : user_pref("accessibility.typeaheadfind.flashBar", 0);

[h0i7zygq.default] - Line Found : user_pref("app.update.auto", false);

[h0i7zygq.default] - Line Found : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1414421509);

[h0i7zygq.default] - Line Found : user_pref("app.update.lastUpdateTime.background-update-timer", 1414421869);

[h0i7zygq.default] - Line Found : user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1414421629);

[h0i7zygq.default] - Line Found : user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1414421269);

[h0i7zygq.default] - Line Found : user_pref("app.update.lastUpdateTime.experiments-update-timer", 1414421389);

[h0i7zygq.default] - Line Found : user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1343767821);

[h0i7zygq.default] - Line Found : user_pref("app.update.lastUpdateTime.places-maintenance-timer", 1344140402);

[h0i7zygq.default] - Line Found : user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1414421749);

[h0i7zygq.default] - Line Found : user_pref("app.update.migrated.updateDir", true);

[h0i7zygq.default] - Line Found : user_pref("browser.cache.disk.capacity", 358400);

[h0i7zygq.default] - Line Found : user_pref("browser.cache.disk.smart_size.first_run", false);

[h0i7zygq.default] - Line Found : user_pref("browser.cache.disk.smart_size.use_old_max", false);

[h0i7zygq.default] - Line Found : user_pref("browser.cache.disk.smart_size_cached_value", 358400);

[h0i7zygq.default] - Line Found : user_pref("browser.cache.disk_cache_ssl", false);

[h0i7zygq.default] - Line Found : user_pref("browser.cache.frecency_experiment", 2);

[h0i7zygq.default] - Line Found : user_pref("browser.customizemode.tip0.shown", true);

[h0i7zygq.default] - Line Found : user_pref("browser.download.dir", "C:\\Al\\Downloads");

[h0i7zygq.default] - Line Found : user_pref("browser.download.folderList", 2);

[h0i7zygq.default] - Line Found : user_pref("browser.download.importedFromSqlite", true);

[h0i7zygq.default] - Line Found : user_pref("browser.download.lastDir", "C:\\Al\\Downloads\\Adobe Shockwave");

[h0i7zygq.default] - Line Found : user_pref("browser.download.manager.alertOnEXEOpen", true);

[h0i7zygq.default] - Line Found : user_pref("browser.download.panel.firstSessionCompleted", true);

[h0i7zygq.default] - Line Found : user_pref("browser.download.panel.shown", true);

[h0i7zygq.default] - Line Found : user_pref("browser.download.save_converter_index", 2);

[h0i7zygq.default] - Line Found : user_pref("browser.download.useDownloadDir", false);

[h0i7zygq.default] - Line Found : user_pref("browser.feeds.showFirstRunUI", false);

[h0i7zygq.default] - Line Found : user_pref("browser.history_expire_days.mirror", 180);

[h0i7zygq.default] - Line Found : user_pref("browser.keywordURLPromptDeclined", 1);

[h0i7zygq.default] - Line Found : user_pref("browser.migration.version", 22);

[h0i7zygq.default] - Line Found : user_pref("browser.newtabpage.enhanced", true);

[h0i7zygq.default] - Line Found : user_pref("browser.newtabpage.storageVersion", 1);

[h0i7zygq.default] - Line Found : user_pref("browser.pagethumbnails.storage_version", 3);

[h0i7zygq.default] - Line Found : user_pref("browser.places.importBookmarksHTML", false);

[h0i7zygq.default] - Line Found : user_pref("browser.places.smartBookmarksVersion", 7);

[h0i7zygq.default] - Line Found : user_pref("browser.preferences.advanced.selectedTabIndex", 0);

[h0i7zygq.default] - Line Found : user_pref("browser.privatebrowsing.autostart", true);

[h0i7zygq.default] - Line Found : user_pref("browser.rights.3.shown", true);

[h0i7zygq.default] - Line Found : user_pref("browser.search.defaultenginename", "Ixquick");

[h0i7zygq.default] - Line Found : user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&ilc=12&type=937811");

[h0i7zygq.default] - Line Found : user_pref("browser.search.selectedEngine", "Ixquick");

[h0i7zygq.default] - Line Found : user_pref("browser.search.suggest.enabled", false);

[h0i7zygq.default] - Line Found : user_pref("browser.search.useDBForOrder", true);

[h0i7zygq.default] - Line Found : user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20140923175406");

[h0i7zygq.default] - Line Found : user_pref("browser.slowStartup.averageTime", 9647);

[h0i7zygq.default] - Line Found : user_pref("browser.slowStartup.samples", 3);

[h0i7zygq.default] - Line Found : user_pref("browser.startup.homepage", "about:blank");

[h0i7zygq.default] - Line Found : user_pref("browser.startup.homepage_override.buildID", "20141011015303");

[h0i7zygq.default] - Line Found : user_pref("browser.startup.homepage_override.mstone", "33.0");

[h0i7zygq.default] - Line Found : user_pref("browser.startup.page", 0);

[h0i7zygq.default] - Line Found : user_pref("browser.syncPromoViewsLeftMap", "{\"addons\":4,\"bookmarks\":4}");

[h0i7zygq.default] - Line Found : user_pref("browser.tabs.onTop", false);

[h0i7zygq.default] - Line Found : user_pref("browser.taskbar.lastgroupid", "E7CF176E110C211B");

[h0i7zygq.default] - Line Found : user_pref("browser.uitour.whitelist.add.260", "");

[h0i7zygq.default] - Line Found : user_pref("browser.uitour.whitelist.add.340", "");

[h0i7zygq.default] - Line Found : user_pref("datareporting.healthreport.lastDataSubmissionFailureTime", "1414099573737");

[h0i7zygq.default] - Line Found : user_pref("datareporting.healthreport.lastDataSubmissionRequestedTime", "1414338088665");

[h0i7zygq.default] - Line Found : user_pref("datareporting.healthreport.lastDataSubmissionSuccessfulTime", "1414338091180");

[h0i7zygq.default] - Line Found : user_pref("datareporting.healthreport.nextDataSubmissionTime", "1414424491180");

[h0i7zygq.default] - Line Found : user_pref("datareporting.healthreport.service.firstRun", true);

[h0i7zygq.default] - Line Found : user_pref("datareporting.policy.dataSubmissionPolicyAccepted", true);

[h0i7zygq.default] - Line Found : user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 1);

[h0i7zygq.default] - Line Found : user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1373535147055");

[h0i7zygq.default] - Line Found : user_pref("datareporting.policy.dataSubmissionPolicyResponseTime", "1373563966642");

[h0i7zygq.default] - Line Found : user_pref("datareporting.policy.dataSubmissionPolicyResponseType", "accepted-implicit-time-elapsed");

[h0i7zygq.default] - Line Found : user_pref("datareporting.policy.firstRunTime", "1373463516670");

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.current.activeTicks", 103);

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.current.clean", true);

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.current.firstPaint", 11087);

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.current.main", 6053);

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.current.sessionRestored", 11363);

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.current.startTime", "1414421141503");

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.current.totalTime", 1343);

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.currentIndex", 2024);

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.previous.2018", "{\"s\":1414338022373,\"a\":42,\"t\":212,\"c\":true,\"m\":1169,\"fp\":4126,\"sr\":4379}");

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.previous.2019", "{\"s\":1414360227365,\"a\":55,\"t\":283,\"c\":true,\"m\":1092,\"fp\":5804,\"sr\":6005}");

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.previous.2020", "{\"s\":1414360512596,\"a\":54,\"t\":268,\"c\":true,\"m\":343,\"fp\":2740,\"sr\":3089}");

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.previous.2021", "{\"s\":1414360827898,\"a\":1039,\"t\":5617,\"c\":true,\"m\":437,\"fp\":2854,\"sr\":3200}");

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.previous.2022", "{\"s\":1414419437528,\"a\":7,\"t\":37,\"c\":false,\"m\":4243,\"fp\":7189,\"sr\":7773}");

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.previous.2023", "{\"s\":1414420538305,\"a\":7,\"t\":39,\"c\":false,\"m\":2952,\"fp\":9643,\"sr\":9923}");

[h0i7zygq.default] - Line Found : user_pref("datareporting.sessions.prunedIndex", 2017);

[h0i7zygq.default] - Line Found : user_pref("devtools.telemetry.tools.opened.version", "{\"DEVTOOLS_WEBCONSOLE_OPENED_PER_USER_FLAG\":\"33.0\",\"DEVTOOLS_TOOLBOX_OPENED_PER_USER_FLAG\":\"33.0\"}");

[h0i7zygq.default] - Line Found : user_pref("dom.ipc.plugins.enabled.npietab2.dll", true);

[h0i7zygq.default] - Line Found : user_pref("dom.mozApps.used", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.adblockplus.correctTypos", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.adblockplus.correctTyposAsked", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.adblockplus.currentVersion", "2.6.5");

[h0i7zygq.default] - Line Found : user_pref("extensions.adblockplus.lastRuleUpdate", 1374288380);

[h0i7zygq.default] - Line Found : user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1414421868475,\"softExpiration\":1414456693215,\"hardExpiration\":1414534349951,\"lastError\":0,\"downloadStatus\":\"synchronize_ok[...]

[h0i7zygq.default] - Line Found : user_pref("extensions.adblockplus.whitelist", "{\"hgtv.com\":true}");

[h0i7zygq.default] - Line Found : user_pref("extensions.blocklist.pingCountTotal", 780);

[h0i7zygq.default] - Line Found : user_pref("extensions.blocklist.pingCountVersion", 10);

[h0i7zygq.default] - Line Found : user_pref("extensions.bprivacy.DataDir", "C:\\Users\\Dad\\AppData\\Roaming\\Macromedia");

[h0i7zygq.default] - Line Found : user_pref("extensions.bprivacy.LSOcount", 1);

[h0i7zygq.default] - Line Found : user_pref("extensions.bprivacy.initiated", 2);

[h0i7zygq.default] - Line Found : user_pref("extensions.bprivacy.lastSession", "6/15/2014, 7:41:58 PM");

[h0i7zygq.default] - Line Found : user_pref("extensions.bprivacy.removed", 5195);

[h0i7zygq.default] - Line Found : user_pref("extensions.clrtabs.firstrun", "24.9");

[h0i7zygq.default] - Line Found : user_pref("extensions.databaseSchema", 16);

[h0i7zygq.default] - Line Found : user_pref("extensions.dntp.upgradeDone", "true");

[h0i7zygq.default] - Line Found : user_pref("extensions.enabledAddons", "2020Player_WEB%402020Technologies.com:5.0.91.0,nuance%40pdf8:8,%7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0,%7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:5.12.1[...]

[h0i7zygq.default] - Line Found : user_pref("extensions.enabledItems", "{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1,keyscrambler@qfx.softw[...]

[h0i7zygq.default] - Line Found : user_pref("extensions.flagfox.lastwhatsnewpage", "5.0.0");

[h0i7zygq.default] - Line Found : user_pref("extensions.flagfox.warn.tld", "disabled");

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.autoconfig_url", "");

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.cache.disk.enable", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.cache.disk_cache_ssl", false);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.cache.memory.enable", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.cache.offline.enable", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.cookieBehavior", 1);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.firstrun", false);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.ftp", "");

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.ftp_port", 0);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.hxxp", "");

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.hxxp_port", 0);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.last-version", "4.4.1");

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.socks", "");

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.socks_port", 0);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.socks_remote_dns", false);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.socks_version", 5);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.ssl", "");

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.ssl_port", 0);

[h0i7zygq.default] - Line Found : user_pref("extensions.foxyproxy.type", 5);

[h0i7zygq.default] - Line Found : user_pref("extensions.getAddons.cache.lastUpdate", 1414421510);

[h0i7zygq.default] - Line Found : user_pref("extensions.getAddons.databaseSchema", 5);

[h0i7zygq.default] - Line Found : user_pref("extensions.ietab2.hasRun", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.ietab2.ietab2PrefsMigrated", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.ietab2.prefsMigrated", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.ietab2.version", "5.12.12.1");

[h0i7zygq.default] - Line Found : user_pref("extensions.lastAppVersion", "33.0");

[h0i7zygq.default] - Line Found : user_pref("extensions.lastPlatformVersion", "33.0");

[h0i7zygq.default] - Line Found : user_pref("extensions.pendingOperations", false);

[h0i7zygq.default] - Line Found : user_pref("extensions.shownSelectionUI", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.ui.dictionary.hidden", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.ui.experiment.hidden", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.ui.lastCategory", "addons://list/plugin");

[h0i7zygq.default] - Line Found : user_pref("extensions.ui.locale.hidden", true);

[h0i7zygq.default] - Line Found : user_pref("extensions.update.notifyUser", false);

[h0i7zygq.default] - Line Found : user_pref("flashblock.enabled", false);

[h0i7zygq.default] - Line Found : user_pref("flashblock.whitelist", "uverseonline.att.net");

[h0i7zygq.default] - Line Found : user_pref("font.internaluseonly.changed", false);

[h0i7zygq.default] - Line Found : user_pref("gecko.buildID", "20141011015303");

[h0i7zygq.default] - Line Found : user_pref("gecko.mstone", "33.0");

[h0i7zygq.default] - Line Found : user_pref("idle.lastDailyNotification", 1414421862);

[h0i7zygq.default] - Line Found : user_pref("intl.charsetmenu.browser.cache", "UTF-8, Shift_JIS, windows-1252");

[h0i7zygq.default] - Line Found : user_pref("keyword.URL", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");

[h0i7zygq.default] - Line Found : user_pref("lightweightThemes.isThemeSelected", false);

[h0i7zygq.default] - Line Found : user_pref("media.gmp-gmpopenh264.lastUpdate", 1413558448);

[h0i7zygq.default] - Line Found : user_pref("media.gmp-gmpopenh264.version", "1.1");

[h0i7zygq.default] - Line Found : user_pref("media.gmp-manager.lastCheck", 1414338087);

[h0i7zygq.default] - Line Found : user_pref("network.cookie.cookieBehavior", 1);

[h0i7zygq.default] - Line Found : user_pref("network.cookie.lifetimePolicy", 2);

[h0i7zygq.default] - Line Found : user_pref("network.cookie.prefsMigrated", true);

[h0i7zygq.default] - Line Found : user_pref("network.proxy.socks_remote_dns", true);

[h0i7zygq.default] - Line Found : user_pref("network.proxy.type", 0);

[h0i7zygq.default] - Line Found : user_pref("pdfjs.migrationVersion", 2);

[h0i7zygq.default] - Line Found : user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);

[h0i7zygq.default] - Line Found : user_pref("pdfjs.previousHandler.preferredAction", 4);

[h0i7zygq.default] - Line Found : user_pref("places.database.lastMaintenance", 1414338089);

[h0i7zygq.default] - Line Found : user_pref("places.history.expiration.transient_current_max_pages", 104858);

[h0i7zygq.default] - Line Found : user_pref("places.last_vacuum", 1340570995);

[h0i7zygq.default] - Line Found : user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");

[h0i7zygq.default] - Line Found : user_pref("plugin.importedState", true);

[h0i7zygq.default] - Line Found : user_pref("plugin.state.java", 2);

[h0i7zygq.default] - Line Found : user_pref("plugin.state.npdeployjava", 0);

[h0i7zygq.default] - Line Found : user_pref("pref.browser.homepage.disable_button.current_page", false);

[h0i7zygq.default] - Line Found : user_pref("pref.privacy.disable_button.cookie_exceptions", false);

[h0i7zygq.default] - Line Found : user_pref("pref.privacy.disable_button.view_cookies", false);

[h0i7zygq.default] - Line Found : user_pref("pref.privacy.disable_button.view_passwords_exceptions", false);

[h0i7zygq.default] - Line Found : user_pref("print.print_printer", "Samsung CLX-3170 Series");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_bgcolor", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_bgimages", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_command", "");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_downloadfonts", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_edge_bottom", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_edge_left", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_edge_right", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_edge_top", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_evenpages", true);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_footercenter", "");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_footerleft", "&PT");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_footerright", "&D");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_headercenter", "");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_headerleft", "&T");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_headerright", "&U");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_in_color", true);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_margin_bottom", "0.5");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_margin_left", "0.5");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_margin_right", "0.5");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_margin_top", "0.5");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_oddpages", true);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_orientation", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_pagedelay", 500);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_paper_data", 1);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_paper_height", " 11.00");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_paper_size_type", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_paper_size_unit", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_paper_width", "  8.50");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_reversed", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_scaling", "  0.60");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_shrink_to_fit", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_to_file", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_to_filename", "");

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_unwriteable_margin_bottom", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_unwriteable_margin_left", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_unwriteable_margin_right", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_PDFConverter.print_unwriteable_margin_top", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_Samsung_CLX-3170_Series.print_bgcolor", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_Samsung_CLX-3170_Series.print_bgimages", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_Samsung_CLX-3170_Series.print_command", "");

[h0i7zygq.default] - Line Found : user_pref("print.printer_Samsung_CLX-3170_Series.print_downloadfonts", false);

[h0i7zygq.default] - Line Found : user_pref("print.printer_Samsung_CLX-3170_Series.print_edge_bottom", 0);

[h0i7zygq.default] - Line Found : user_pref("print.printer_Samsung_CLX-3170_Series.print_edge_left", 0);


 

-\\ Google Chrome v

*************************

 

AdwCleaner[R0].txt - [63108 octets] - [27/10/2014 11:08:49]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [63169 octets] ##########

 

*************************

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014

Ran by Dad (administrator) on NEWACERLAPTOP on 27-10-2014 11:13:13

Running from C:\Users\Dad\Desktop\Bleeping Computer Tools

Loaded Profile: Dad (Available profiles: Dad & Administrator)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

() C:\Program Files (x86)\Samsung\Samsung CLX-3170 Series\Install\Application\SPANEL\PanelMgr\SSMMgr.exe

() C:\Program Files (x86)\Samsung\Samsung CLX-3170 Series\Install\Application\SPANEL\PanelMgr\Caller64.exe

(Logitech, Inc.) C:\Program Files (x86)\Logitech\SetPoint\SetPoint.exe

(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe

() C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Program Files (x86)\StudioLine Photo Basic\NMSAccess32.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2010-07-29] (IvoSoft)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-01-12] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Program Files (x86)\Samsung\Samsung CLX-3170 Series\Install\Application\SPANEL\PanelMgr\SSMMgr.exe [552960 2009-02-27] ()

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508144 2014-05-30] (QFX Software Corporation)

HKLM-x32\...\Run: [3170 Scan2PC] => C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe [503808 2009-01-30] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-19\...\RunOnce: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\getting_started.html

HKU\S-1-5-20\...\RunOnce: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\getting_started.html

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\Run: [TVPlanet] => [X]

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\MountPoints2: {07b68359-b103-11df-b829-705ab6cea020} - F:\LaunchU3.exe -a

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\MountPoints2: {9124a6ad-1572-11e0-8d1e-705ab6cea020} - "E:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\MountPoints2: {990c4f9c-6baa-11e0-9788-78e4003b7ee5} - E:\LaunchU3.exe -a

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\MountPoints2: {fc3bcba0-308a-11e0-8cf5-b25f0d587ddb} - "E:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)

Lsa: [Authentication Packages] msv1_0 relog_ap

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files (x86)\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.BackupManager ()

Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk

ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273608106535l0484z175t4582n48s

URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default

FF DefaultSearchEngine: Ixquick

FF SelectedSearchEngine: Ixquick

FF Homepage: about:blank

FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF NetworkProxy: "socks_remote_dns", true

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)

FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Motive\npMotive.dll (Alcatel-Lucent)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Users\Dad\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\.BackupManager

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\askcom.xml

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\ixquick.xml

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\nasa-images.xml

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\thesaurus---referencecom.xml

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\weathercom.xml

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\webster.xml

FF Extension: No Name - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\.BackupManager [2011-01-25]

FF Extension: 20-20 3D Viewer - WEB - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\2020Player_WEB@2020Technologies.com [2011-11-15]

FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\donottrackplus@abine.com [2014-07-11]

FF Extension: FoxyProxy Standard - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\foxyproxy@eric.h.jung [2014-09-06]

FF Extension: ColorfulTabs - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24]

FF Extension: Garmin Communicator - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-25]

FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16]

FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-17]

FF Extension: WOT - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]

FF Extension: BetterPrivacy - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-01-22]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-11-15]

FF Extension: Webmail Ad Blocker - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\gmailnoads@mywebber.com.xpi [2014-02-16]

FF Extension: NASA Night Launch - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\nasanightlaunch@example.com.xpi [2012-08-06]

FF Extension: Flagfox - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]

FF Extension: Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-09]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-17]

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-06]

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: PDF Converter - C:\Program Files (x86)\Nuance\PDF Converter 8\FireFox [2012-10-26]

FF Extension: No Name - nuance@pdf8 [Not Found]

 

Chrome:

=======

CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-06-23] (Alcatel-Lucent) [File not signed]

R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-06-23] (Alcatel-Lucent) [File not signed]

S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)

R2 NMSAccess; C:\Program Files (x86)\StudioLine Photo Basic\NMSAccess32.exe [71096 2010-05-06] ()

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

S4 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)

U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)

R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)

R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)

R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38224 2010-12-20] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)

S3 esihdrv; \??\C:\Users\Dad\AppData\Local\Temp\esihdrv.sys [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-27 11:13 - 2014-10-27 11:13 - 00000000 ____D () C:\FRST

2014-10-27 11:08 - 2014-10-27 11:09 - 00000000 ____D () C:\AdwCleaner

2014-10-22 12:51 - 2014-10-22 12:52 - 00000156 _____ () C:\Users\Dad\Desktop\MATX PSU @ MicroCenter - $29.99.url

2014-10-21 19:05 - 2014-10-21 19:05 - 00523131 _____ () C:\Users\Dad\Desktop\attach.txt

2014-10-21 19:05 - 2014-10-21 19:05 - 00024398 _____ () C:\Users\Dad\Desktop\dds.txt

2014-10-21 19:04 - 2014-10-20 18:31 - 00688992 ____R (Swearware) C:\Users\Dad\Desktop\dds.com

2014-10-20 18:27 - 2014-10-27 11:13 - 00000000 ____D () C:\Users\Dad\Desktop\Bleeping Computer Tools

2014-10-17 11:05 - 2014-10-17 11:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-10-15 11:24 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2014-10-15 11:24 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2014-10-15 11:24 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2014-10-15 11:24 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2014-10-15 11:24 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2014-10-15 11:24 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2014-10-15 11:24 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2014-10-15 11:24 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2014-10-15 11:24 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2014-10-15 11:24 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2014-10-15 11:24 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2014-10-15 11:24 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2014-10-15 11:24 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2014-10-15 11:24 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2014-10-15 11:24 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2014-10-15 11:24 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-10-15 11:24 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-10-15 11:24 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-10-15 11:24 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2014-10-15 11:24 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2014-10-15 11:24 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2014-10-15 11:24 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2014-10-15 11:24 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-10-15 11:24 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-10-15 11:24 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2014-10-15 11:24 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2014-10-15 11:24 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2014-10-15 11:24 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2014-10-15 11:24 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2014-10-15 11:24 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2014-10-15 11:24 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2014-10-15 11:24 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-10-15 11:24 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-10-15 11:24 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-10-15 11:24 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2014-10-15 11:24 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2014-10-15 11:24 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2014-10-15 11:20 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-15 11:20 - 2014-09-19 20:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-15 11:20 - 2014-09-19 19:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-15 11:20 - 2014-09-19 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-15 11:20 - 2014-09-19 19:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-15 11:20 - 2014-09-19 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-10-15 11:20 - 2014-09-19 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-15 11:20 - 2014-09-19 19:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-15 11:20 - 2014-09-19 19:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-15 11:20 - 2014-09-19 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-15 11:20 - 2014-09-19 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-15 11:20 - 2014-09-19 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-15 11:20 - 2014-09-19 19:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-10-15 11:20 - 2014-09-19 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-15 11:20 - 2014-09-19 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-10-15 11:20 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-15 11:20 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-15 11:20 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-15 11:20 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-15 11:20 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-15 11:20 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-15 11:20 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-10-15 11:20 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-15 11:20 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-10-15 11:20 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-15 11:20 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-15 11:20 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-15 11:20 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-15 11:20 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-10-15 11:20 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-15 11:20 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-15 11:20 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-15 11:20 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2014-10-15 11:20 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-10-15 11:20 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-15 11:20 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-15 11:20 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-10-15 11:20 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-10-15 11:20 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-10-15 11:19 - 2014-09-19 19:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-15 11:19 - 2014-09-19 19:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-15 11:19 - 2014-09-19 19:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-15 11:19 - 2014-09-19 19:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-10-15 11:19 - 2014-09-19 19:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-15 11:19 - 2014-09-19 19:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-15 11:19 - 2014-09-19 19:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-10-15 11:19 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-15 11:19 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-10-15 11:19 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-15 11:19 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-15 11:19 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-15 11:19 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-10-15 11:19 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-15 11:19 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-15 11:19 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-15 11:19 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-15 11:19 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-15 11:19 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-15 11:19 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-15 11:19 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-15 11:19 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-15 11:19 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-15 11:19 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-15 11:19 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-15 11:19 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-15 11:19 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-15 11:19 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-15 11:19 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-15 11:19 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-15 11:19 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-15 11:19 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-15 11:19 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-15 11:19 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-15 11:19 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-15 11:19 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-14 09:24 - 2014-10-27 10:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-14 09:24 - 2014-10-14 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-14 09:24 - 2014-10-14 09:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-14 09:24 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-14 09:24 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-14 09:21 - 2014-10-14 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

2014-10-14 09:21 - 2014-10-14 09:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-10-14 09:21 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-14 09:21 - 2010-12-20 18:09 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys

2014-10-14 09:20 - 2014-10-14 09:20 - 00000032 _____ () C:\Windows\CD_Start.INI

2014-10-13 04:37 - 2014-10-13 04:38 - 00000000 ____D () C:\Users\Dad\Desktop\Old Eudora Shortcuts

2014-10-13 03:50 - 2014-10-13 04:32 - 00000000 ____D () C:\Users\Dad\Desktop\All Media Players + Files

2014-10-05 06:49 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-05 06:49 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-30 10:41 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-30 10:41 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-27 10:48 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-27 10:48 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-27 10:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-27 10:39 - 2009-07-14 00:51 - 00097972 _____ () C:\Windows\setupact.log

2014-10-27 10:35 - 2010-08-26 16:39 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-10-27 10:35 - 2010-04-24 18:28 - 00000000 ____D () C:\ProgramData\Temp

2014-10-27 10:21 - 2012-03-30 21:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-26 18:24 - 2010-04-24 18:14 - 01822874 _____ () C:\Windows\WindowsUpdate.log

2014-10-25 19:53 - 2010-03-15 17:56 - 01112474 _____ () C:\Windows\PFRO.log

2014-10-25 06:29 - 2012-01-10 12:32 - 00012479 _____ () C:\Windows\Run32A50.mch

2014-10-25 06:28 - 2012-01-10 12:32 - 00000035 _____ () C:\Windows\A5W.INI

2014-10-25 06:28 - 2012-01-10 12:32 - 00000000 ____D () C:\Windows\A5W_DATA

2014-10-23 10:45 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew

2014-10-22 19:27 - 2010-10-04 13:40 - 00000000 ____D () C:\Users\Dad\Documents\TurboTax

2014-10-22 09:49 - 2010-08-31 10:25 - 00003101 _____ () C:\Users\Dad\AppData\Roaming\mainhst.zgh

2014-10-22 08:42 - 2010-09-08 07:07 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\ZipGenius

2014-10-20 06:44 - 2010-08-28 23:07 - 00000000 ____D () C:\Program Files (x86)\SmarThru 4

2014-10-17 11:22 - 2012-09-01 10:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-10-15 11:42 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-10-15 11:41 - 2009-07-14 00:45 - 00361016 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-15 11:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-10-15 11:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-10-15 11:30 - 2013-07-21 18:27 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-15 11:25 - 2010-08-27 16:20 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-15 01:00 - 2010-08-25 21:03 - 00000342 _____ () C:\Windows\Tasks\McDefragTask.job

2014-10-14 09:22 - 2010-08-29 14:38 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Malwarebytes

2014-10-13 05:13 - 2011-01-30 16:31 - 00000000 ___RD () C:\Users\Dad\Desktop\Monica+ Lindsey Stuff

2014-10-13 04:43 - 2011-12-28 19:58 - 00000821 _____ () C:\Users\Dad\Desktop\Guns.lnk

2014-10-13 04:41 - 2011-01-30 16:25 - 00000000 ___RD () C:\Users\Dad\Desktop\Guns

2014-10-13 04:39 - 2010-10-09 10:39 - 00000654 _____ () C:\Users\Dad\Desktop\Dar Folder.lnk

2014-10-13 04:31 - 2011-01-30 16:02 - 00000000 ___RD () C:\Users\Dad\Desktop\Calculators

2014-10-13 04:28 - 2010-10-26 16:26 - 00000000 ___RD () C:\Users\Dad\Desktop\Talk Radio Stations

2014-10-02 15:53 - 2012-01-05 19:20 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

 

Some content of TEMP:

====================

C:\Users\Dad\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Dad\AppData\Local\Temp\sfareca00001.dll

C:\Users\Dad\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2011-01-25 02:05

 

 

 

==================== End Of Log ============================

 

 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,253 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:47 AM

Posted 27 October 2014 - 01:42 PM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\Run: [TVPlanet] => [X]
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\ixquick.xml
FF Extension: No Name - nuance@pdf8 [Not Found]
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]
S3 esihdrv; \??\C:\Users\Dad\AppData\Local\Temp\esihdrv.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
C:\Users\Dad\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Dad\AppData\Local\Temp\sfareca00001.dll
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:72EE41A0
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION
YTD Toolbar v7.0 (HKLM-x32\...\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}) (Version: 7.0 - Spigot, Inc.) <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===


Execute the SFC.EXE file to restore missing or corrupted system files.
Instructions here:
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
===


Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 Mojo Risin'


Posted 27 October 2014 - 07:04 PM

Thanks for your quick response nasdaq. Requested .txt logs are posted below. Running it through its paces the PC seems OK: startup, memory & resource use, loaded apps, video & human interface response for installed apps, etc. My security apps seem fine, however, Firefox is back to default browsers, main Firefox toolbar, etc, (which I attribute to the FRST fix), but I will customize it for my use where needed. The Internet is still stalling at times depending on the site, but it's not locking up where I have to manually restart (could also be an issue on their side, not sure at this time). Plus, my keystrokes at these sites also don't respond as they should. It's hit and miss when it comes to Internet sites. Your thoughts?

 

Regards,

Mojo

 

***************************

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014

Ran by Dad at 2014-10-27 17:33:50 Run:1

Running from C:\Users\Dad\Desktop\Bleeping Computer Tools

Loaded Profile: Dad (Available profiles: Dad & Administrator)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

 

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\Run: [TVPlanet] => [X]

URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File

BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File

BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File

BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\askcom.xml

FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\ixquick.xml

FF Extension: No Name - nuance@pdf8 [Not Found]

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

S4 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]

S3 esihdrv; \??\C:\Users\Dad\AppData\Local\Temp\esihdrv.sys [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

C:\Users\Dad\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Dad\AppData\Local\Temp\sfareca00001.dll

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

AlternateDataStreams: C:\ProgramData\Temp:72EE41A0

Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION

YTD Toolbar v7.0 (HKLM-x32\...\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}) (Version: 7.0 - Spigot, Inc.) <==== ATTENTION

 

End

*****************

 

HKU\S-1-5-21-3537159107-403209231-2004425510-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TVPlanet => value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.

"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.

"HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.

"HKCR\PROTOCOLS\Handler\dssrequest" => Key deleted successfully.

"HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key not found.

"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully.

"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.

"HKCR\PROTOCOLS\Handler\sacore" => Key deleted successfully.

"HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key not found.

"HKCR\Wow6432Node\PROTOCOLS\Handler\dssrequest" => Key not found.

"HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key not found.

"HKCR\Wow6432Node\PROTOCOLS\Handler\sacore" => Key not found.

"HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key not found.

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\askcom.xml => Moved successfully.

C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\h0i7zygq.default\searchplugins\ixquick.xml => Moved successfully.

FF Extension: No Name - nuance@pdf8 [Not Found] not found.

ACDaemon => Service deleted successfully.

Application Updater => Service deleted successfully.

esihdrv => Service deleted successfully.

MREMP50a64 => Service deleted successfully.

MREMPR5 => Service deleted successfully.

MRENDIS5 => Service deleted successfully.

MRESP50a64 => Service deleted successfully.

C:\Users\Dad\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.

C:\Users\Dad\AppData\Local\Temp\sfareca00001.dll => Moved successfully.

C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

C:\ProgramData\Temp => ":72EE41A0" ADS removed successfully.

Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION => Error: No automatic fix found for this entry.

YTD Toolbar v7.0 (HKLM-x32\...\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}) (Version: 7.0 - Spigot, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.

 

==== End of Fixlog ====

 

*******************************************

 

Results of screen317's Security Check version 0.99.89 

 Windows 7 Service Pack 1 x64 (UAC is enabled) 

 Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

ESET Smart Security 7.0  

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

 MVPS Hosts File 

 Out of date HijackThis  installed!

 SpywareBlaster 5.0   

 HostsMan 3.2.73   

 HijackThis 2.0.2   

 Java 7 Update 67 

 Adobe Flash Player 15.0.0.152 

 Adobe Reader XI 

 Mozilla Firefox (33.0)

 Mozilla Thunderbird (3.1.2) Thunderbird out of Date! 

````````Process Check: objlist.exe by Laurent```````` 

 ESET NOD32 Antivirus egui.exe 

 ESET NOD32 Antivirus ekrn.exe 

 Malwarebytes Anti-Malware mbamservice.exe 

 Malwarebytes Anti-Malware mbam.exe 

 Malwarebytes Anti-Malware mbamscheduler.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````
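A triage sketch for the Fixlog.txt posted above, added here as an example (it is not FRST's or either poster's code): it skips the echoed fixlist, whose `=> [X]` entries look like results, and groups each result line by outcome so the two "No automatic fix found" entries stand out. The function names and status labels are assumptions; the sample is an abridged copy of the log lines in this thread.

```python
import re

# Constructed sample: abridged copy of the Fixlog.txt lines posted in this thread.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014
Ran by Dad at 2014-10-27 17:33:50 Run:1
==============================================
Content of fixlist:
*****************
start
HKU\S-1-5-21-3537159107-403209231-2004425510-1000\...\Run: [TVPlanet] => [X]
S3 esihdrv; \??\C:\Users\Dad\AppData\Local\Temp\esihdrv.sys [X]
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION
End
*****************
HKU\S-1-5-21-3537159107-403209231-2004425510-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TVPlanet => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key not found.
FF Extension: No Name - nuance@pdf8 [Not Found] not found.
esihdrv => Service deleted successfully.
C:\Users\Dad\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION => Error: No automatic fix found for this entry.
YTD Toolbar v7.0 (HKLM-x32\...\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}) (Version: 7.0 - Spigot, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
==== End of Fixlog ====
'''

STAR_RULE = re.compile(r"\*{5,}")  # the rows of asterisks around the echoed fixlist


def result_lines(fixlog_text):
    """Yield only the result lines, skipping the header and the echoed fixlist."""
    state = "header"
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes are often double-spaced
        if state == "header":
            if line.startswith("Content of fixlist"):
                state = "await_open"
        elif state == "await_open":
            if STAR_RULE.fullmatch(line):
                state = "echo"
        elif state == "echo":
            # Echoed entries such as '... => [X]' are input, not outcomes.
            if STAR_RULE.fullmatch(line):
                state = "results"
        else:
            if line.startswith("==== End of Fixlog"):
                return
            yield line


def classify(line):
    """Return (target, status) for one result line."""
    if " => " in line:
        # Split on the last arrow: '<==== ATTENTION' markers precede it.
        target, outcome = line.rsplit(" => ", 1)
    else:
        # Some results carry no arrow, e.g. '... [Not Found] not found.'
        target, outcome = line, line
    target = target.replace("<==== ATTENTION", "").strip().strip('"')
    low = outcome.lower()
    if low.startswith("error"):
        status = "error"
    elif "not found" in low:
        status = "not_found"
    elif "successfully" in low:
        status = "done"
    else:
        status = "unknown"
    return target, status


def triage(fixlog_text):
    """Group result targets by status."""
    groups = {"done": [], "not_found": [], "error": [], "unknown": []}
    for line in result_lines(fixlog_text):
        target, status = classify(line)
        groups[status].append(target)
    return groups


def needs_followup(fixlog_text):
    """Entries the tool could not fix and that still need manual handling."""
    groups = triage(fixlog_text)
    return groups["error"] + groups["unknown"]


if __name__ == "__main__":
    for status, targets in triage(SAMPLE_FIXLOG).items():
        print(f"{status}: {len(targets)}")
    for target in needs_followup(SAMPLE_FIXLOG):
        print("FOLLOW UP:", target)
```
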



#6 nasdaq


Posted 28 October 2014 - 08:23 AM

Java 8 Update 25
Java version out of Date!


You have the latest Java version. We need to update the tool.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

Let me know if this helps the keyboard issues.

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

#7 Mojo Risin'


Posted 06 November 2014 - 01:29 AM

Hello again nasdaq. I apologize for the late response. I had an unfortunate mishap shortly after your last post and was unable to respond until now. I followed your advice and the PC appears to be functioning properly, Internet browsing no longer locks up, and my previous keyboard issues no longer exist. Follow up ESET & MBAM scans do not detect any threats. Therefore, if you agree and have nothing further you would like me to do, I'll assume everything is A-OK and we can consider this topic successfully resolved and closed. I'll remove any tools we used after we close.

 

 

My sincere thanks for your spot on expert advice and timeliness in resolving my dilemma. This is the first time in almost 20 years that I've encountered an intrusion. It certainly gave me a wakeup call. Kudos to you and your associates at Bleeping Computer for your selflessness and for running such a great forum, I wish you all much success.

 

Take care and best regards,

Al



#8 nasdaq


Posted 06 November 2014 - 10:16 AM

Glad we could help.

#9 nasdaq


Posted 06 November 2014 - 10:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



