ICE Hijack, cleaned but still taking over desktop


This topic is locked
14 replies to this topic

#1 padjr (Members, 19 posts)

Posted 08 November 2014 - 12:49 PM

Got hit with ICE hijack. Spent a couple days repairing corrupt/hidden/locked stuff. Finally got it going in safe mode, then SpyBot, MWBAM, HiJackThis and AVG, I thought I about had it cleaned up. It is now booting up Normal (almost) but after about a minute ICE again takes over the Desktop. At least now I can get to Task Manager and shut it down without corrupting stuff, more might be working but I figure it's time to ask for help. Need help finishing this off.

Thanks

Jim




#2 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,070 posts)

Posted 09 November 2014 - 07:20 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now.

==========================
 
Hi padjr,

FRST Scan from RECOVERY Environment on Vista, 7, and 8:
 
On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

 
 
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========
 
On the System Recovery Options menu you will get the following options:
 
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
Select Command Prompt
 
==========
 
 
Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
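Added example (editor's code, not part of the thread and not a feature of FRST or BleepingComputer): once the FRST.txt from the steps above is in hand, the question is which autostart entry keeps relaunching the lock screen. The helper below walks the Registry/Startup section of an FRST log and flags entries with the shape of a dropped screen-locker payload: a Run key or Startup shortcut whose target has a non-program extension, sits directly in a user-writable folder such as C:\ProgramData, has a hex-string file name, or claims "Microsoft Corporation" from outside a Microsoft install path (FRST prints the CompanyName from the file's version resource, which any file can set), plus Explorer policies that hide the Action Center warning. The extension list, drop-folder list and policy table are the editor's heuristics; the sample log is a constructed excerpt modelled on the log Jim posts in the next reply.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log text.

A screen locker that survives cleaning usually survives through one
autostart entry still pointing at a dropped payload.  This scans the
Registry/Startup lines of an FRST log and flags that shape of entry.
Heuristics are the editor's assumptions, not FRST's own logic.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str, List[str]]  # (kind, name, target, reasons)

# Extensions Windows launches as a program from a Run key or Startup
# shortcut.  A target named like "3E29E6B4.cpp" is a renamed executable.
PROGRAM_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".dll", ".cpl"}

# Explorer policy values lockers set: hide the Action Center "no antivirus"
# warning, or lock the user out of Control Panel.  (Editor's selection.)
SUSPICIOUS_POLICIES = {"HideSCAHealth": "1", "NoControlPanel": "1"}

# Folders any user can write to, where payloads are typically dropped.
DROP_PARENTS = ("c:\\programdata", "c:\\users\\public")
DROP_SUFFIXES = ("\\appdata\\roaming", "\\appdata\\local", "\\appdata\\local\\temp")


def split_target(rest: str) -> Tuple[str, str]:
    """Split 'C:\\x\\y.exe [size date] (Vendor)' into (path, vendor).

    The vendor is the CompanyName from the file's version resource; the
    file's author chooses it freely and FRST does not verify it here.
    """
    vendor = ""
    m = re.search(r" \((?P<vendor>[^()]*)\)$", rest)
    if m:
        vendor = m.group("vendor")
        rest = rest[: m.start()]
    rest = re.sub(r" \[\d+ \d{4}-\d{2}-\d{2}\]$", "", rest)
    return rest.strip(), vendor


def assess_target(path: str, vendor: str) -> List[str]:
    """Return the reasons an autostart target looks like a dropped payload."""
    reasons: List[str] = []
    low = path.lower()
    parent, _, base = low.rpartition("\\")
    if "." in base:
        stem, ext = base.rsplit(".", 1)
        ext = "." + ext
    else:
        stem, ext = base, ""
    if ext not in PROGRAM_EXTS:
        reasons.append(f"non-program extension {ext or '(none)'} as autostart target")
    if parent in DROP_PARENTS or parent.endswith(DROP_SUFFIXES):
        reasons.append("file sits directly in a user-writable drop folder")
    if re.fullmatch(r"[0-9a-f]{8,}", stem):
        reasons.append("file name is a hex string, not a product name")
    if vendor == "Microsoft Corporation" and not low.startswith(("c:\\windows\\", "c:\\program files")):
        reasons.append("claims Microsoft Corporation outside a Microsoft install path")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk FRST log lines and collect suspicious autostart entries."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if "\\Run: [" in line and " => " in line:
            head, rest = line.split(" => ", 1)
            name = head[head.index("[") + 1 : head.rindex("]")]
            path, vendor = split_target(rest)
            reasons = assess_target(path, vendor)
            if reasons:
                findings.append(("Run key", name, path, reasons))
        elif line.startswith("ShortcutTarget: ") and " -> " in line:
            name, rest = line[len("ShortcutTarget: "):].split(" -> ", 1)
            path, vendor = split_target(rest)
            reasons = assess_target(path, vendor)
            if reasons:
                findings.append(("Startup shortcut", name, path, reasons))
        elif "\\Policies\\Explorer: [" in line:
            m = re.search(r"\[(?P<key>[^\]]+)\] (?P<val>\S+)$", line)
            if m and SUSPICIOUS_POLICIES.get(m.group("key")) == m.group("val"):
                findings.append(("Explorer policy", m.group("key"), m.group("val"),
                                 ["policy value hides security warnings or locks the shell"]))
    return findings


# Constructed excerpt modelled on the FRST log posted later in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SansaDispatch] => C:\Users\JP\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2010-10-16] (SanDisk Corporation)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [NoSaveSettings] 0
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk
ShortcutTarget: Core Temp.lnk -> C:\Program Files\Core Temp\Core Temp.exe ()
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\3E29E6B4.cpp (Microsoft Corporation)
"""

if __name__ == "__main__":
    for kind, name, target, reasons in triage(SAMPLE_LOG):
        print(f"[{kind}] {name} -> {target}")
        for reason in reasons:
            print(f"    - {reason}")
```

On the sample, the vendor-supplied HP, Creative and SanDisk entries pass, while the HideSCAHealth policy and the program.lnk shortcut to C:\ProgramData\3E29E6B4.cpp are reported, the latter on all four rules at once. A hit is a lead for the person handling the log, not a verdict; the FRST fixlist step that removes an entry is still the helper's call.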


#3 padjr (Topic Starter, Members, 19 posts)

Posted 09 November 2014 - 02:46 PM

Thank you for the help. Could not get to a command prompt from 'Repair your computer', not sure why, kept going on to start normal Windows.
I can get it going in Safe Mode. Running FRST64 from the Safe Mode desktop. Here is that log.
Thanks
Jim
 
---------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by JP (administrator) on JIM-PC on 09-11-2014 13:21:36
Running from C:\Users\JP\Desktop
Loaded Profile: JP (Available profiles: JP)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [57xxSteelVine] => C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe [1720320 2007-08-20] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SansaDispatch] => C:\Users\JP\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2010-10-16] (SanDisk Corporation)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2014-10-28] (Speedbit Ltd.)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [NoSaveSettings] 0
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk
ShortcutTarget: Core Temp.lnk -> C:\Program Files\Core Temp\Core Temp.exe ()
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\3E29E6B4.cpp (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x410DF1D8953FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} 
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} 
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FA5D9BCA-4653-49FB-9237-FFA947877414} http://192.168.1.10/ZDVR.CAB
Handler: ipp - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - No CLSID Value - 
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-10-28]
 
Chrome: 
=======
CHR Profile: C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 57xx SteelVine Manager; C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe [1282048 2007-08-20] () [File not signed]
S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 AntsCMSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe [2403328 2013-03-07] (ANTS) [File not signed]
S2 AntsSTSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe [2038784 2013-03-02] () [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
S2 MYSQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" MYSQL [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96768 2013-02-14] (Advanced Micro Devices) [File not signed]
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
S2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NwGPSOverWiFi64; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
S3 NWUSBLAN_4620; C:\Windows\System32\DRIVERS\nwblan_4620.sys [47472 2012-09-27] (Belcarra Technologies)
S3 nwusbserial; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
S3 PPorts; C:\Windows\System32\DRIVERS\PPorts.sys [95744 2009-07-23] ()
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2010-01-06] ()
S3 Ser2ph; C:\Windows\System32\DRIVERS\ser2ph64.sys [89600 2008-03-06] (Prolific Technology Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-20] ()
S3 ALSysIO; \??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 13:21 - 2014-11-09 13:21 - 00007339 _____ () C:\Users\JP\Desktop\FRST.txt
2014-11-09 13:20 - 2014-11-09 12:50 - 02116096 _____ (Farbar) C:\Users\JP\Desktop\FRST64.exe
2014-11-09 13:15 - 2014-11-09 13:15 - 00003224 ____N () C:\bootsqm.dat
2014-11-08 00:25 - 2014-11-08 00:26 - 00002065 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 00:21 - 2014-11-08 00:21 - 00000056 _____ () C:\Windows\setupact.log
2014-11-08 00:21 - 2014-11-08 00:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-02 15:53 - 2014-11-02 15:53 - 01063160 _____ () C:\Users\JP\Desktop\rkill64-32530.exe
2014-10-30 23:07 - 2014-10-31 04:46 - 00183467 _____ () C:\Windows\system32\avgrep.txt
2014-10-30 22:30 - 2014-10-30 22:30 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\JP\Desktop\rkill64.exe
2014-10-30 22:05 - 2014-10-30 22:05 - 00274616 _____ (Microsoft Corporation) C:\ProgramData\3E29E6B4.cpp
2014-10-30 08:24 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-30 08:24 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-30 08:24 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-30 08:24 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-30 08:24 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-30 08:24 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-30 08:23 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-30 08:23 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-30 06:08 - 2014-09-19 18:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-30 06:08 - 2014-09-19 17:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-30 06:08 - 2014-09-19 17:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-30 06:08 - 2014-09-19 17:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-30 06:08 - 2014-09-19 17:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-30 06:08 - 2014-09-19 17:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-30 06:08 - 2014-09-19 17:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-30 06:08 - 2014-09-19 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-30 06:08 - 2014-09-19 17:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-30 06:08 - 2014-09-19 17:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-30 06:08 - 2014-09-19 17:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-30 06:08 - 2014-09-19 17:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-30 06:08 - 2014-09-19 17:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-30 06:08 - 2014-09-19 17:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-30 06:08 - 2014-09-19 17:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-30 06:08 - 2014-09-19 17:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-30 06:08 - 2014-09-19 16:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-30 06:08 - 2014-09-19 16:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-30 06:08 - 2014-09-19 16:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-30 06:08 - 2014-09-19 16:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-30 06:08 - 2014-09-19 16:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-30 06:08 - 2014-09-19 16:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-30 06:08 - 2014-09-19 16:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-30 06:08 - 2014-09-19 16:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-30 06:08 - 2014-09-19 16:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-30 06:08 - 2014-09-19 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-30 06:08 - 2014-09-19 16:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-30 06:08 - 2014-09-19 16:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-30 06:08 - 2014-09-19 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-30 06:08 - 2014-09-19 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-30 06:08 - 2014-09-19 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-30 06:08 - 2014-09-19 16:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-29 22:52 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-29 22:52 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-29 22:52 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-29 22:52 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-29 22:52 - 2014-05-14 08:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-29 22:52 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-29 22:52 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-29 22:52 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-28 00:56 - 2014-10-30 22:21 - 00001501 _____ () C:\Users\JP\Desktop\My DAP Downloads.lnk
2014-10-28 00:56 - 2014-10-28 00:56 - 00000941 _____ () C:\Users\JP\Desktop\Download Accelerator Plus (DAP).lnk
2014-10-28 00:54 - 2014-10-28 00:55 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-10-28 00:54 - 2014-10-28 00:54 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-10-28 00:54 - 2014-10-28 00:54 - 00001041 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-10-28 00:54 - 2014-10-28 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-10-26 20:17 - 2014-10-26 20:17 - 00936136 _____ () C:\Users\JP\Downloads\dap10i_dca4663d3a_setup.exe
2014-10-25 09:53 - 2014-10-25 09:54 - 00001251 _____ () C:\Users\JP\Desktop\taskmgr.exe.lnk
2014-10-25 08:24 - 2014-10-17 19:19 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\JP\Desktop\rkill.exe
2014-10-25 08:22 - 2014-10-18 14:16 - 00688992 ____R (Swearware) C:\Users\JP\Desktop\dds.com
2014-10-24 21:54 - 2014-10-24 21:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-24 21:36 - 2014-10-24 21:38 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Itum
2014-10-24 21:36 - 2014-10-24 21:36 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ymam
2014-10-23 23:54 - 2014-10-25 10:12 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-10-23 23:53 - 2014-10-23 23:53 - 00003042 _____ () C:\Windows\System32\Tasks\{A2AA7D50-2F35-43A4-85AE-792B447C98D5}
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Vaoqfe
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ilhyu
2014-10-23 19:06 - 2014-10-23 19:06 - 00002712 _____ () C:\Users\JP\Desktop\aswMBR.txt
2014-10-23 19:06 - 2014-10-23 19:06 - 00000512 _____ () C:\Users\JP\Desktop\MBR.dat
2014-10-23 18:46 - 2014-10-23 18:46 - 05192704 _____ (AVAST Software) C:\Users\JP\Desktop\aswMBR.exe
2014-10-22 19:26 - 2014-10-22 19:26 - 00002118 _____ () C:\Users\JP\Desktop\FSS.txt
2014-10-22 19:25 - 2014-10-22 19:25 - 00415232 _____ (Farbar) C:\Users\JP\Desktop\FSS.exe
2014-10-21 20:10 - 2014-10-21 20:10 - 00044561 _____ () C:\Users\JP\Desktop\Addition.txt
2014-10-21 19:48 - 2014-10-21 19:48 - 00000000 ____D () C:\Users\JP\Desktop\FRST-OlderVersion
2014-10-21 19:45 - 2014-07-10 11:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\JP\Desktop\TDSSKiller.exe
2014-10-21 19:44 - 2014-10-17 19:21 - 15725144 _____ () C:\Users\JP\Desktop\RogueKiller.exe
2014-10-20 17:16 - 2014-10-20 17:16 - 00002606 _____ () C:\Users\JP\Desktop\JRT.txt
2014-10-20 17:12 - 2014-10-20 17:12 - 00000000 ____D () C:\Windows\ERUNT
2014-10-20 16:38 - 2014-10-20 16:45 - 00000000 ____D () C:\AdwCleaner
2014-10-20 07:30 - 2014-11-09 13:21 - 00000000 ____D () C:\FRST
2014-10-18 21:06 - 2014-10-18 21:06 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-10-18 14:21 - 2014-10-18 14:21 - 00018835 _____ () C:\Users\JP\Desktop\dds.txt
2014-10-18 14:21 - 2014-10-18 14:21 - 00017360 _____ () C:\Users\JP\Desktop\attach.txt
2014-10-17 23:12 - 2014-10-25 11:05 - 00000000 ____D () C:\Users\JP\AppData\Local\CrashDumps
2014-10-17 21:43 - 2014-10-17 21:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-17 21:42 - 2014-10-17 21:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-17 21:42 - 2014-10-17 21:42 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-17 21:42 - 2014-10-17 21:42 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-17 21:42 - 2014-10-17 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-17 21:42 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-17 21:16 - 2014-10-20 16:15 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 21:16 - 2014-10-17 21:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 19:22 - 2014-11-02 15:53 - 00001666 _____ () C:\Users\JP\Desktop\Rkill.txt
2014-10-17 18:48 - 2014-11-08 00:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 18:47 - 2014-10-20 16:53 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 18:47 - 2014-10-20 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 18:47 - 2014-10-20 16:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 18:47 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 18:47 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 13:21 - 2009-07-13 23:13 - 00730384 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 00:26 - 2009-07-13 22:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 00:26 - 2009-07-13 22:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 00:25 - 2012-09-08 09:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-08 00:22 - 2013-01-30 21:44 - 00000354 _____ () C:\Windows\Tasks\ROC_PAID_JAN2013_TB_rmv.job
2014-11-08 00:22 - 2013-01-26 10:51 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-11-08 00:22 - 2009-12-03 17:17 - 00000000 ____D () C:\ProgramData\Temp
2014-11-08 00:21 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 18:59 - 2012-05-31 21:54 - 00000000 ____D () C:\Users\JP\Documents\Vegas Movie Studio PE 9.0 Projects
2014-10-30 23:07 - 2012-09-08 09:14 - 00000000 ____D () C:\Users\JP\AppData\Local\Avg2013
2014-10-30 22:18 - 2012-04-23 20:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 22:06 - 2012-08-06 16:29 - 00000000 ____D () C:\Users\JP\AppData\Roaming\vlc
2014-10-30 15:09 - 2009-12-15 22:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-30 10:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-26 13:50 - 2012-11-18 14:51 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJP
2014-10-26 13:50 - 2012-11-18 14:51 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForJP.job
2014-10-25 10:39 - 2010-03-05 22:29 - 00000049 _____ () C:\Windows\NeroDigital.ini
2014-10-25 09:55 - 2014-01-14 16:49 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-10-24 21:37 - 2011-08-18 20:11 - 00000000 __SHD () C:\Users\JP\AppData\Roaming\ehdduirh
2014-10-22 19:18 - 2012-05-31 21:54 - 00000000 ____D () C:\Users\JP\Documents\BRS
2014-10-20 07:19 - 2009-12-03 17:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-17 21:37 - 2009-12-15 22:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-17 18:47 - 2012-05-31 21:39 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Malwarebytes
2014-10-17 18:47 - 2009-12-15 20:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 18:47 - 2009-12-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-16 23:48 - 2014-10-04 13:56 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2014-10-16 23:29 - 2013-01-21 00:54 - 00000000 ____D () C:\Windows\Minidump
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-29 18:07
 
==================== End Of Log ============================


#4 xXToffeeXx (Bleepin' Polar Bear) - Malware Response Instructor, 6,070 posts, Gender: Female, Location: The Arctic Circle

Posted 09 November 2014 - 03:05 PM

Hi padjr,
 
Odd, either way this works just as well.
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\3E29E6B4.cpp (Microsoft Corporation)
C:\ProgramData\3E29E6B4.cpp
  • Save the file to your desktop and name it fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

Are you able to boot into normal mode and not have the ransomware screen appear?

 

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#5 padjr (Topic Starter) - Members, 19 posts

Posted 10 November 2014 - 08:29 PM

Are you able to boot into normal mode and not have the ransomware screen appear?

 

Not yet, only Safe Mode. At first, it completely took over and the ransomware screen appeared early in the boot. I couldn't do anything but force a power down. After cleaning on it for a couple days and digging out some stuff hidden in the Recycle Bin, now it seems to get all the way done booting, THEN the ransomware screen comes up. But I can ctrl-alt-del and get to Task Manager and get an orderly shutdown now. And that brings me here. Will be back with the fixlist results soon.

 

Jim



#6 padjr (Topic Starter) - Members, 19 posts

Posted 10 November 2014 - 09:22 PM

Well DUH! I didn't even think of the Startup folder. That did it. But I'm not very competent in the Registry dept. Your fix was far more elegant than mine would have been. Here is the fix log. Thanks so much Toffee.

 

------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by JP at 2014-11-10 19:46:25 Run:2
Running from C:\Users\JP\Desktop
Loaded Profile: JP (Available profiles: JP)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\3E29E6B4.cpp (Microsoft Corporation)
C:\ProgramData\3E29E6B4.cpp
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\ProgramData\3E29E6B4.cpp => Moved successfully.
"C:\ProgramData\3E29E6B4.cpp" => File/Directory not found.

==== End of Fixlog ====



#7 xXToffeeXx (Bleepin' Polar Bear) - Malware Response Instructor, 6,070 posts, Gender: Female, Location: The Arctic Circle

Posted 11 November 2014 - 11:35 AM

Hi padjr,
 
That is what I expected; nowadays ransomware either uses Startup and hijacks a service, or replaces user32.dll :)
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
xXToffeeXx~


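The fixlist in post #4 and the remark above about Startup persistence describe the pattern an analyst looks for in an FRST.txt: a shortcut in the user's Startup folder whose target sits in a user-writable location and carries a misleading extension (here a ".cpp" file in C:\ProgramData claiming "Microsoft Corporation"), plus an orphaned Winlogon\Notify entry marked [X]. The following Python script is an added example, not part of this thread and not FRST's own code; it parses those FRST line formats and flags the entries that deserve attention. The triage rules (user-writable prefixes, executable extensions) are my own assumptions, and the sample log is constructed from the lines shown in this thread.

```python
"""Triage FRST 'ShortcutTarget:' and 'Winlogon\\Notify' lines for suspicious persistence.

Added example for this thread; it is not FRST's code. The rules below are assumptions
about what an analyst usually wants highlighted, not FRST's own classification.
"""
import ntpath
import re
from typing import Dict, List

# Constructed sample: the three lines from the fixlist in post #4 plus the benign
# Core Temp startup entry from the later FRST.txt, for contrast.
SAMPLE_LOG = r"""
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\3E29E6B4.cpp (Microsoft Corporation)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk
ShortcutTarget: Core Temp.lnk -> C:\Program Files\Core Temp\Core Temp.exe ()
"""

# FRST prints the target's version-resource company name in parentheses; it is
# free text set by whoever built the file, not the result of a signature check.
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?) \((?P<company>[^()]*)\)\s*$"
)
# FRST appends [X] when the referenced file does not exist on disk.
NOTIFY_RE = re.compile(
    r"^Winlogon\\Notify\\(?P<name>[^:]+): (?P<dll>.+?)(?P<missing> \[X\])?\s*$"
)

# Assumed rule set: locations a standard user can write to, and extensions that
# Windows will actually execute from a shortcut. Anything else is worth a look.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
EXEC_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".ps1"}


def parse_frst(text: str) -> List[dict]:
    """Pull ShortcutTarget and Winlogon\\Notify entries out of FRST log text."""
    entries: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SHORTCUT_RE.match(line)
        if m:
            entries.append({"kind": "shortcut", **m.groupdict()})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            d = m.groupdict()
            entries.append({"kind": "notify", "name": d["name"], "dll": d["dll"],
                            "missing": bool(d["missing"])})
    return entries


def triage(entries: List[dict]) -> Dict[str, List[str]]:
    """Return {entry label: [reasons]} for entries an analyst should review."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e["kind"] == "shortcut":
            reasons: List[str] = []
            target = e["target"]
            if target.lower().startswith(USER_WRITABLE_PREFIXES):
                reasons.append("target lives in a user-writable location")
            ext = ntpath.splitext(target)[1].lower()
            if ext not in EXEC_EXTENSIONS:
                reasons.append(f"target has a non-executable extension ({ext or 'none'})")
            if reasons:
                findings[e["lnk"]] = reasons
        elif e["kind"] == "notify" and e["missing"]:
            # An orphaned Notify entry is not malware by itself, but it is stale
            # configuration that the fixlist in this thread also cleaned up.
            findings[e["name"]] = ["Winlogon Notify entry points at a missing DLL (orphan)"]
    return findings


if __name__ == "__main__":
    for label, reasons in triage(parse_frst(SAMPLE_LOG)).items():
        print(f"{label}: {'; '.join(reasons)}")
```

Run against the constructed sample, program.lnk is reported for both its ProgramData location and its .cpp extension, SDWinLogon-x32 is reported as an orphan, and the Core Temp shortcut (a real .exe under Program Files) is left alone. The Startup: lines themselves are not parsed; the ShortcutTarget: line that follows each one carries the information that matters.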


#8 padjr (Topic Starter) - Members, 19 posts

Posted 11 November 2014 - 09:20 PM

Everything is almost back to normal. After booting up, something kept banging my bandwidth and HD non-stop; after several minutes with no sign of letting up, I tracked it down to SteelVine. Since I hadn't seen that before, and don't know what it was up to, I suspended it and the excess activity stopped.

Here is the FRST log:

---------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by JP (administrator) on JIM-PC on 11-11-2014 20:06:00
Running from C:\Users\JP\Desktop
Loaded Profile: JP (Available profiles: JP)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(ANTS) C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe
() C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
() C:\Program Files\Core Temp\Core Temp.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [57xxSteelVine] => C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe [1720320 2007-08-20] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SansaDispatch] => C:\Users\JP\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2010-10-16] (SanDisk Corporation)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2014-10-28] (Speedbit Ltd.)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [NoSaveSettings] 0
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk
ShortcutTarget: Core Temp.lnk -> C:\Program Files\Core Temp\Core Temp.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x410DF1D8953FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FA5D9BCA-4653-49FB-9237-FFA947877414} http://192.168.1.10/ZDVR.CAB
Handler: ipp - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - No CLSID Value -
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-10-28]

Chrome:
=======
CHR Profile: C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 57xx SteelVine Manager; C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe [1282048 2007-08-20] () [File not signed]
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntsCMSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe [2403328 2013-03-07] (ANTS) [File not signed]
R2 AntsSTSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe [2038784 2013-03-02] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 MYSQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" MYSQL [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96768 2013-02-14] (Advanced Micro Devices) [File not signed]
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NwGPSOverWiFi64; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
S3 NWUSBLAN_4620; C:\Windows\System32\DRIVERS\nwblan_4620.sys [47472 2012-09-27] (Belcarra Technologies)
R3 nwusbserial; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
R3 PPorts; C:\Windows\System32\DRIVERS\PPorts.sys [95744 2009-07-23] ()
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2010-01-06] ()
S3 Ser2ph; C:\Windows\System32\DRIVERS\ser2ph64.sys [89600 2008-03-06] (Prolific Technology Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-20] ()
R3 ALSysIO; \??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:49 - 2014-11-11 20:06 - 00018547 _____ () C:\Users\JP\Desktop\FRST.txt
2014-11-11 19:29 - 2014-11-11 19:29 - 00000104 _____ () C:\Users\JP\Desktop\Run... - Shortcut.lnk
2014-11-09 13:20 - 2014-11-09 12:50 - 02116096 _____ (Farbar) C:\Users\JP\Desktop\FRST64.exe
2014-11-09 13:15 - 2014-11-09 13:15 - 00003224 ____N () C:\bootsqm.dat
2014-11-08 00:25 - 2014-11-11 19:55 - 00012392 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 00:21 - 2014-11-11 19:11 - 00000224 _____ () C:\Windows\setupact.log
2014-11-08 00:21 - 2014-11-08 00:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-02 15:53 - 2014-11-02 15:53 - 01063160 _____ () C:\Users\JP\Desktop\rkill64-32530.exe
2014-10-30 23:07 - 2014-10-31 04:46 - 00183467 _____ () C:\Windows\system32\avgrep.txt
2014-10-30 22:30 - 2014-10-30 22:30 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\JP\Desktop\rkill64.exe
2014-10-30 08:24 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-30 08:24 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-30 08:24 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-30 08:24 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-30 08:24 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-30 08:24 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-30 08:23 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-30 08:23 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-30 08:23 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-30 06:08 - 2014-09-19 18:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-30 06:08 - 2014-09-19 17:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-30 06:08 - 2014-09-19 17:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-30 06:08 - 2014-09-19 17:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-30 06:08 - 2014-09-19 17:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-30 06:08 - 2014-09-19 17:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-30 06:08 - 2014-09-19 17:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-30 06:08 - 2014-09-19 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-30 06:08 - 2014-09-19 17:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-30 06:08 - 2014-09-19 17:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-30 06:08 - 2014-09-19 17:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-30 06:08 - 2014-09-19 17:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-30 06:08 - 2014-09-19 17:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-30 06:08 - 2014-09-19 17:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-30 06:08 - 2014-09-19 17:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-30 06:08 - 2014-09-19 17:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-30 06:08 - 2014-09-19 17:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-30 06:08 - 2014-09-19 16:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-30 06:08 - 2014-09-19 16:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-30 06:08 - 2014-09-19 16:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-30 06:08 - 2014-09-19 16:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-30 06:08 - 2014-09-19 16:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-30 06:08 - 2014-09-19 16:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-30 06:08 - 2014-09-19 16:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-30 06:08 - 2014-09-19 16:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-30 06:08 - 2014-09-19 16:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-30 06:08 - 2014-09-19 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-30 06:08 - 2014-09-19 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-30 06:08 - 2014-09-19 16:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-30 06:08 - 2014-09-19 16:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-30 06:08 - 2014-09-19 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-30 06:08 - 2014-09-19 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-30 06:08 - 2014-09-19 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-30 06:08 - 2014-09-19 16:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-29 22:52 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-29 22:52 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-29 22:52 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-29 22:52 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-29 22:52 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-29 22:52 - 2014-05-14 08:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-29 22:52 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-29 22:52 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-29 22:52 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-28 00:56 - 2014-10-30 22:21 - 00001501 _____ () C:\Users\JP\Desktop\My DAP Downloads.lnk
2014-10-28 00:56 - 2014-10-28 00:56 - 00000941 _____ () C:\Users\JP\Desktop\Download Accelerator Plus (DAP).lnk
2014-10-28 00:54 - 2014-10-28 00:55 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-10-28 00:54 - 2014-10-28 00:54 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-10-28 00:54 - 2014-10-28 00:54 - 00001041 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-10-28 00:54 - 2014-10-28 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-10-26 20:17 - 2014-10-26 20:17 - 00936136 _____ () C:\Users\JP\Downloads\dap10i_dca4663d3a_setup.exe
2014-10-25 09:53 - 2014-10-25 09:54 - 00001251 _____ () C:\Users\JP\Desktop\taskmgr.exe.lnk
2014-10-25 08:24 - 2014-10-17 19:19 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\JP\Desktop\rkill.exe
2014-10-25 08:22 - 2014-10-18 14:16 - 00688992 ____R (Swearware) C:\Users\JP\Desktop\dds.com
2014-10-24 21:54 - 2014-10-24 21:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-24 21:36 - 2014-10-24 21:38 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Itum
2014-10-24 21:36 - 2014-10-24 21:36 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ymam
2014-10-23 23:54 - 2014-10-25 10:12 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-10-23 23:53 - 2014-10-23 23:53 - 00003042 _____ () C:\Windows\System32\Tasks\{A2AA7D50-2F35-43A4-85AE-792B447C98D5}
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Vaoqfe
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ilhyu
2014-10-23 19:06 - 2014-10-23 19:06 - 00002712 _____ () C:\Users\JP\Desktop\aswMBR.txt
2014-10-23 19:06 - 2014-10-23 19:06 - 00000512 _____ () C:\Users\JP\Desktop\MBR.dat
2014-10-23 18:46 - 2014-10-23 18:46 - 05192704 _____ (AVAST Software) C:\Users\JP\Desktop\aswMBR.exe
2014-10-22 19:26 - 2014-10-22 19:26 - 00002118 _____ () C:\Users\JP\Desktop\FSS.txt
2014-10-22 19:25 - 2014-10-22 19:25 - 00415232 _____ (Farbar) C:\Users\JP\Desktop\FSS.exe
2014-10-21 19:48 - 2014-11-11 20:04 - 00000000 ____D () C:\Users\JP\Desktop\FRST-OlderVersion
2014-10-21 19:45 - 2014-07-10 11:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\JP\Desktop\TDSSKiller.exe
2014-10-21 19:44 - 2014-10-17 19:21 - 15725144 _____ () C:\Users\JP\Desktop\RogueKiller.exe
2014-10-20 17:16 - 2014-10-20 17:16 - 00002606 _____ () C:\Users\JP\Desktop\JRT.txt
2014-10-20 17:12 - 2014-10-20 17:12 - 00000000 ____D () C:\Windows\ERUNT
2014-10-20 16:38 - 2014-10-20 16:45 - 00000000 ____D () C:\AdwCleaner
2014-10-20 07:30 - 2014-11-11 20:06 - 00000000 ____D () C:\FRST
2014-10-18 21:06 - 2014-10-18 21:06 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-10-18 14:21 - 2014-10-18 14:21 - 00018835 _____ () C:\Users\JP\Desktop\dds.txt
2014-10-18 14:21 - 2014-10-18 14:21 - 00017360 _____ () C:\Users\JP\Desktop\attach.txt
2014-10-17 23:12 - 2014-10-25 11:05 - 00000000 ____D () C:\Users\JP\AppData\Local\CrashDumps
2014-10-17 21:43 - 2014-10-17 21:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-17 21:42 - 2014-11-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-17 21:42 - 2014-10-17 21:42 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-17 21:42 - 2014-10-17 21:42 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-17 21:42 - 2014-10-17 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-17 21:42 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-17 21:16 - 2014-10-20 16:15 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 21:16 - 2014-10-17 21:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 19:22 - 2014-11-02 15:53 - 00001666 _____ () C:\Users\JP\Desktop\Rkill.txt
2014-10-17 18:48 - 2014-11-08 00:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 18:47 - 2014-10-20 16:53 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 18:47 - 2014-10-20 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 18:47 - 2014-10-20 16:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 18:47 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 18:47 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:43 - 2009-07-13 23:13 - 00730384 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 19:19 - 2009-07-13 22:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:19 - 2009-07-13 22:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:18 - 2012-04-23 20:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 19:16 - 2012-09-08 09:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-11 19:11 - 2013-01-30 21:44 - 00000354 _____ () C:\Windows\Tasks\ROC_PAID_JAN2013_TB_rmv.job
2014-11-11 19:11 - 2013-01-26 10:51 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-11-11 19:11 - 2009-12-03 17:17 - 00000000 ____D () C:\ProgramData\Temp
2014-11-11 19:11 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 18:59 - 2012-05-31 21:54 - 00000000 ____D () C:\Users\JP\Documents\Vegas Movie Studio PE 9.0 Projects
2014-10-30 23:07 - 2012-09-08 09:14 - 00000000 ____D () C:\Users\JP\AppData\Local\Avg2013
2014-10-30 22:06 - 2012-08-06 16:29 - 00000000 ____D () C:\Users\JP\AppData\Roaming\vlc
2014-10-30 15:09 - 2009-12-15 22:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-30 10:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-26 13:50 - 2012-11-18 14:51 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJP
2014-10-26 13:50 - 2012-11-18 14:51 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForJP.job
2014-10-25 10:39 - 2010-03-05 22:29 - 00000049 _____ () C:\Windows\NeroDigital.ini
2014-10-25 09:55 - 2014-01-14 16:49 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-10-24 21:37 - 2011-08-18 20:11 - 00000000 __SHD () C:\Users\JP\AppData\Roaming\ehdduirh
2014-10-22 19:18 - 2012-05-31 21:54 - 00000000 ____D () C:\Users\JP\Documents\BRS
2014-10-20 07:19 - 2009-12-03 17:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-17 21:37 - 2009-12-15 22:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-17 18:47 - 2012-05-31 21:39 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Malwarebytes
2014-10-17 18:47 - 2009-12-15 20:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 18:47 - 2009-12-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-16 23:48 - 2014-10-04 13:56 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2014-10-16 23:29 - 2013-01-21 00:54 - 00000000 ____D () C:\Windows\Minidump

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 18:07

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by JP at 2014-11-11 20:06:19
Running from C:\Users\JP\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Sansa Media Converter (HKLM-x32\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.263 - )
57xx SteelVine (HKLM-x32\...\{2B25D1AE-F095-47C9-BDCC-80F998E0E17F}) (Version: 5.1.20 - Silicon Image)
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.6.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4189 - AVG Technologies) Hidden
BC_VUP3 (HKLM-x32\...\{DD15A07D-C205-4948-BF90-6D3DD05CEA31}) (Version: 3.0.1 - Uniden)
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version:  - Canon Inc.)
Canon MG8200 series User Registration (HKLM-x32\...\Canon MG8200 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.35 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
DeLorme Street Atlas USA 2008 (HKLM-x32\...\{81D0EAC7-B352-4E71-B8A1-461E41029A2E}) (Version: 1.00.2008 - DeLorme Publishing, Inc.)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version:  - )
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 2.5.5 - DivXNetworks, Inc.)
DivX Pro (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.)
DraftSight (HKLM-x32\...\{A7E24CE8-F9D0-408F-A37C-5BF0716D3E91}) (Version: 8.2.301 - Dassault Systemes)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FreeSCAN  (HKLM-x32\...\FreeSCAN) (Version:  - Sixspot Software)
GSurf_Pro (HKLM-x32\...\GSurf_Pro) (Version: 1.0.0.15 - Grandstream)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Share-to-Web (HKLM-x32\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Neoteris_Host_Checker) (Version: 7.1.0.18193 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Juniper_Setup_Client) (Version: 7.1.2.10059 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe Diagnostic Utility (HKLM-x32\...\{7419582C-1E2E-4848-88F6-9FF638D9EA87}) (Version: 1.18.24.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
LightScribe Template Designs - Life Events Pack 1 (HKLM-x32\...\{5B295E70-5256-46DD-ADA8-81E9EF7F4939}) (Version: 1.17.146.0 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{83721450-E604-4C37-ABEB-CE7F18C587C8}) (Version: 1.18.24.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Streets & Trips 2009 (HKLM-x32\...\{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}) (Version: 16.0.18.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiFi 4620 Mobile Broadband Drivers (HKLM-x32\...\{3A6120C6-AA5F-4851-9447-BF6BDBB786D5}) (Version: 2.08.005.001.17 - Novatel Wireless)
Monster Central Control Software 7 (HKLM-x32\...\{7649309B-F1ED-4225-8B50-1A4224883E55}) (Version: 7.2.0.6 - Monster)
Monster Central Control Software 7 (x32 Version: 7.2.0.6 - Monster) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nero OEM (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVMS7000 (HKLM-x32\...\{15174CE2-626C-4748-B2D2-E7B997E62745}) (Version: 2.00.00.50 - company)
OCX (HKLM-x32\...\OCX) (Version: 3.1.0.48 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PhotoNow! 1.0 (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version:  - )
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.1 - Prolific Technology INC)
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Sansa Updater (HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Sansa Updater) (Version:  - )
Sony DVD Architect Studio 4.5 (HKLM-x32\...\{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}) (Version: 4.5.107 - Sony)
Sony Sound Forge Audio Studio 9.0 (HKLM-x32\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tera Term 4.75 (HKLM-x32\...\Tera Term_is1) (Version:  - )
TTLEditor 1.4 (HKLM-x32\...\{A1BFEB7F-3126-4F60-9CFD-8D4FC1B87BEB}_is1) (Version:  - LogMeTT.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vegas Movie Studio Platinum 9.0 (HKLM-x32\...\{97E038E1-41AD-4C93-BCDC-6A2394AEE352}) (Version: 9.0.92 - Sony)
Video Surveillance Client 2.0 (HKLM-x32\...\Video Surveillance Client_is1) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VueScan (HKLM-x32\...\VueScan) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2804656215-4255892301-2232998820-1003_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-10-17 20:59 - 00000698 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {173F9B60-3601-47D6-A216-2FC5B226644A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {21B562EA-F6BD-44E5-ACD7-67A549B26314} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {27B73950-ED39-459B-8513-61473ECF0DA6} - System32\Tasks\ROC_PAID_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {3DE8C2ED-A926-427B-ADD3-9C69512F4A47} - System32\Tasks\Core Temp Autostart => C:\Program Files\Core Temp\Core Temp.exe [2010-07-02] ()
Task: {67BB9479-55B0-4DCD-B55E-B082105327B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {6CAA594D-199B-4BCD-AFED-F64B3CED62BE} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {81539C7F-8EF7-4D85-B187-D5DDD4F73AB4} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {89E48B7F-9C8D-4749-972D-7240241E609F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {95C3FBE0-ED43-46ED-BBCD-64681B50E566} - System32\Tasks\AdobeAAMUpdater-1.0-Jim-PC-Jim => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {A77CC17E-09E3-44BC-A51F-06BAB861194B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C5FA3822-ABC0-485E-9A77-2245EA38BDF1} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {E8A687B6-0CAF-4649-B886-2E3F16CD0204} - System32\Tasks\HPCeeScheduleForJP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {EC3955D5-248E-465C-BD6B-AB1A8B32DC47} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F9AB9C66-47DF-4A85-A491-857127F0FD1D} - System32\Tasks\{3120572B-0A91-4C3D-9EA8-F374BB3519C2} => C:\Program Files (x86)\ImgBurn\ImgBurn.exe [2011-10-03] (LIGHTNING UK!)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\ROC_PAID_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2007-08-20 11:42 - 2007-08-20 11:42 - 01282048 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe
2014-05-18 17:29 - 2013-03-02 11:03 - 02038784 _____ () C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe
2009-12-03 17:24 - 2008-09-30 20:59 - 00192512 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
2014-05-18 17:29 - 2012-07-04 09:52 - 06562432 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2009-07-08 16:35 - 2009-07-08 16:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2012-05-31 21:46 - 2012-02-18 13:17 - 00006144 _____ () C:\Users\JP\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\CoreTempReader.dll
2012-05-31 21:46 - 2012-02-18 13:17 - 00008704 _____ () C:\Users\JP\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\GetCoreTempInfoNET.dll
2012-05-31 21:46 - 2012-02-18 13:17 - 00007680 _____ () C:\Users\JP\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\SystemInfo.dll
2012-02-18 13:17 - 2010-07-02 13:52 - 00530448 _____ () C:\Program Files\Core Temp\Core Temp.exe
2007-08-20 11:45 - 2007-08-20 11:45 - 01720320 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe
2012-04-05 21:00 - 2012-04-05 21:00 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2006-09-08 13:32 - 2006-09-08 13:32 - 01720320 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtCore4.dll
2006-09-08 13:44 - 2006-09-08 13:44 - 02224128 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\Qt3Support4.dll
2006-09-08 13:41 - 2006-09-08 13:41 - 00409600 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtSql4.dll
2006-09-08 13:32 - 2006-09-08 13:32 - 00204800 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtXml4.dll
2006-09-08 13:40 - 2006-09-08 13:40 - 03969024 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtGui4.dll
2006-09-08 13:41 - 2006-09-08 13:41 - 00249856 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtNetwork4.dll
2014-05-18 17:29 - 2012-02-27 17:05 - 00047024 _____ () C:\Program Files (x86)\Single Video Surveillance Client\avcdec.dll
2014-05-18 17:29 - 2012-02-27 17:06 - 00446464 _____ () C:\Program Files (x86)\Single Video Surveillance Client\NETSDK.DLL
2014-05-18 17:29 - 2012-02-27 17:06 - 00032768 _____ () C:\Program Files (x86)\Single Video Surveillance Client\tmAudio.dll
2014-05-18 17:29 - 2012-02-27 17:06 - 00139337 _____ () C:\Program Files (x86)\Single Video Surveillance Client\hpr.dll
2014-05-18 17:29 - 2012-02-27 17:05 - 00782336 _____ () C:\Program Files (x86)\Single Video Surveillance Client\dhnetsdk.dll
2014-05-18 17:29 - 2012-02-27 17:05 - 00466944 _____ () C:\Program Files (x86)\Single Video Surveillance Client\dhplay.dll
2014-05-18 17:29 - 2012-02-27 17:05 - 00278528 _____ () C:\Program Files (x86)\Single Video Surveillance Client\dhdvr.dll
2014-05-18 17:29 - 2012-09-10 14:14 - 00212992 _____ () C:\Program Files (x86)\Single Video Surveillance Client\Inhot.dll
2014-05-18 17:29 - 2011-08-18 16:54 - 01409550 _____ () C:\Program Files (x86)\Single Video Surveillance Client\avcodec-53.dll
2014-05-18 17:29 - 2011-08-18 16:54 - 00100366 _____ () C:\Program Files (x86)\Single Video Surveillance Client\avutil-51.dll
2014-05-18 17:29 - 2011-08-18 16:54 - 00183310 _____ () C:\Program Files (x86)\Single Video Surveillance Client\swscale-2.dll
2014-05-18 17:29 - 2011-09-07 13:19 - 00475648 _____ () C:\Program Files (x86)\Single Video Surveillance Client\D3DVideoRender.dll
2014-05-18 17:29 - 2012-11-24 09:35 - 01236480 _____ () C:\Program Files (x86)\Single Video Surveillance Client\ants_codec.dll
2014-05-18 17:29 - 2012-02-27 17:06 - 00417792 _____ () C:\Program Files (x86)\Single Video Surveillance Client\zlplaysdk.dll
2014-05-18 17:29 - 2012-03-08 15:18 - 00544768 _____ () C:\Program Files (x86)\Single Video Surveillance Client\JBNVSDK.dll
2014-05-18 17:29 - 2012-02-27 17:06 - 00229376 _____ () C:\Program Files (x86)\Single Video Surveillance Client\HHNetClient.dll
2014-05-18 17:29 - 2012-11-19 09:32 - 00630784 _____ () C:\Program Files (x86)\Single Video Surveillance Client\TDHZNetSDK.dll
2014-05-18 17:29 - 2011-12-16 15:12 - 00053248 _____ () C:\Program Files (x86)\Single Video Surveillance Client\HISDK.dll
2014-05-18 17:29 - 2012-02-22 09:47 - 00155648 _____ () C:\Program Files (x86)\Single Video Surveillance Client\NetLib.dll
2014-05-18 17:29 - 2012-01-11 14:38 - 00798720 _____ () C:\Program Files (x86)\Single Video Surveillance Client\HIPlayer.dll
2014-05-18 17:29 - 2012-02-27 17:06 - 01318912 _____ () C:\Program Files (x86)\Single Video Surveillance Client\LIBMYSQL.dll
2014-05-18 17:29 - 2012-02-27 17:06 - 00200704 _____ () C:\Program Files (x86)\Single Video Surveillance Client\Netplay_H264.dll
2014-05-18 17:29 - 2012-02-27 17:06 - 00069632 _____ () C:\Program Files (x86)\Single Video Surveillance Client\SoundOut_H264.dll
2014-05-18 17:29 - 2011-07-01 00:51 - 00544768 _____ () C:\Program Files (x86)\Single Video Surveillance Client\XM\NetSdk.dll
2014-10-28 00:56 - 2014-10-28 00:56 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2014-10-28 00:56 - 2014-10-28 00:56 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2014-10-28 00:56 - 2014-10-28 00:56 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2014-10-28 00:56 - 2014-10-28 00:56 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2014-10-28 00:56 - 2014-10-28 00:56 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2014-10-28 00:56 - 2014-10-28 00:56 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2009-12-01 19:49 - 2009-12-01 19:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2010-07-07 19:33 - 2010-07-07 19:33 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2014-10-17 21:42 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-17 21:42 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-17 21:42 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2012-08-02 21:19 - 2009-06-29 09:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-10-30 09:49 - 2014-10-30 09:49 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7d521e583439ddf659b36d5f281ca646\IsdiInterop.ni.dll
2010-06-11 16:27 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2804656215-4255892301-2232998820-500 - Administrator - Disabled)
Guest (S-1-5-21-2804656215-4255892301-2232998820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2804656215-4255892301-2232998820-1002 - Limited - Enabled)
JP (S-1-5-21-2804656215-4255892301-2232998820-1003 - Administrator - Enabled) => C:\Users\JP

==================== Faulty Device Manager Devices =============

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2014 09:05:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/30/2014 10:28:54 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/30/2014 08:23:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).

Error: (10/30/2014 08:23:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (10/30/2014 06:36:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (10/30/2014 06:31:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/30/2014 06:08:49 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).

Error: (10/30/2014 06:08:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).

Error: (10/30/2014 06:08:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (10/29/2014 10:52:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).

System errors:
=============
Error: (11/11/2014 07:12:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/11/2014 07:12:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/11/2014 07:12:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/11/2014 07:12:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/11/2014 07:11:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/10/2014 09:46:11 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/10/2014 08:01:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/10/2014 07:52:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/10/2014 07:52:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/10/2014 07:52:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Microsoft Office Sessions:
=========================
Error: (07/15/2014 11:45:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/29/2013 05:21:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 65 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/15/2013 08:46:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1065 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (10/28/2013 11:08:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/02/2013 08:06:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3602 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (06/24/2013 10:08:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 388 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/26/2013 04:29:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 135 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (11/17/2012 09:44:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 85 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/29/2012 09:11:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/28/2012 04:52:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 24%
Total physical RAM: 12279.16 MB
Available physical RAM: 9242.74 MB
Total Pagefile: 24556.5 MB
Available Pagefile: 20569.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:165.38 GB) (Free:87.26 GB) NTFS
Drive d: (HP 2) (Fixed) (Total:120.15 GB) (Free:115.35 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:12.46 GB) (Free:2.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:29.67 GB) (Free:29.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: CE79DF4F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=165.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=120.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 29.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29.7 GB) - (Type=0C)

==================== End Of Log ============================


#9 xXToffeeXx (Malware Response Instructor)

Posted 13 November 2014 - 01:25 PM

Hi padjr,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below into the Notepad document:
2014-10-24 21:36 - 2014-10-24 21:38 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Itum
2014-10-24 21:36 - 2014-10-24 21:36 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ymam
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Vaoqfe
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ilhyu
2014-10-24 21:37 - 2011-08-18 20:11 - 00000000 __SHD () C:\Users\JP\AppData\Roaming\ehdduirh
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Emsisoft log
  • ESET log

xXToffeeXx~


#10 padjr (Topic Starter)

Posted 14 November 2014 - 11:27 PM

Here is the Fixlog and the Emsisoft log.  Emsisoft found the one that was already quarantined and the other two I think are false positives.  I know where they came from and I don't think they have been tampered with.

 I'll post the other one tomorrow.

Jim

 

-----------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by JP at 2014-11-14 19:59:14 Run:3
Running from C:\Users\JP\Desktop
Loaded Profile: JP (Available profiles: JP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-24 21:36 - 2014-10-24 21:38 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Itum
2014-10-24 21:36 - 2014-10-24 21:36 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ymam
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Vaoqfe
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ilhyu
2014-10-24 21:37 - 2011-08-18 20:11 - 00000000 __SHD () C:\Users\JP\AppData\Roaming\ehdduirh
*****************

C:\Users\JP\AppData\Roaming\Itum => Moved successfully.
C:\Users\JP\AppData\Roaming\Ymam => Moved successfully.
C:\Users\JP\AppData\Roaming\Vaoqfe => Moved successfully.
C:\Users\JP\AppData\Roaming\Ilhyu => Moved successfully.
C:\Users\JP\AppData\Roaming\ehdduirh => Moved successfully.

==== End of Fixlog ====

 

 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/14/2014 8:45:15 PM
User account: Jim-PC\JP

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 11/14/2014 8:46:45 PM
C:\FRST\Quarantine\C\ProgramData\3E29E6B4.cpp.xBAD  detected: Gen:Variant.Kazy.486824 (B)
C:\Users\JP\Documents\IP Cam\IP-Cam 1\Tools\Upgrade_tool\HFS.exe  detected: Riskware.Win32.Server-Web.HFS (A)
C:\Users\JP\Documents\IP Cam\IP-Cam 2\Tools\Upgrade_tool\HFS.exe  detected: Riskware.Win32.Server-Web.HFS (A)

Scanned 277307
Found 3

Scan end: 11/14/2014 10:04:03 PM
Scan time: 1:17:18

C:\FRST\Quarantine\C\ProgramData\3E29E6B4.cpp.xBAD Quarantined Gen:Variant.Kazy.486824 (B)

Quarantined 1


Edited by padjr, 14 November 2014 - 11:34 PM.
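As an added example (not code from the thread, and not FRST's own code), the following Python parses the fixlist entries quoted in the Fixlog above and applies the checks a responder would run over such a list: directories dropped directly under AppData\Roaming, hidden+system attributes, and a creation time newer than the last-modified time (the ehdduirh entry shows 2014-10-24 for creation but 2011-08-18 for modification, which is what a copy that kept its old timestamp, or a forged timestamp, looks like). It also clusters entries by creation minute, which is how the four folders above pair up. The column order "created - modified - size attrs (company) path" and the attribute letters R, S, H, D follow FRST's log format; the flags and the clustering rule are this example's own assumptions.

```python
"""Triage FRST fixlist entries like the ones in the post above.

Added example; it is not part of the BleepingComputer thread and not FRST's
own code. The five entries are copied from the Fixlog above. The column
order and the attribute letters follow the FRST log format; the heuristics
below are this example's own assumptions about what deserves a second look.
"""
import re
from collections import defaultdict
from datetime import datetime

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5,}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Attribute letters FRST prints; an unknown letter is kept as-is.
ATTR_NAMES = {"R": "readonly", "S": "system", "H": "hidden", "D": "directory"}

# Constructed input: the fixlist from the Fixlog in the post above.
FIXLIST = r"""
2014-10-24 21:36 - 2014-10-24 21:38 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Itum
2014-10-24 21:36 - 2014-10-24 21:36 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ymam
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Vaoqfe
2014-10-23 21:34 - 2014-10-23 21:34 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Ilhyu
2014-10-24 21:37 - 2011-08-18 20:11 - 00000000 __SHD () C:\Users\JP\AppData\Roaming\ehdduirh
"""


def parse_entry(line):
    """Return a dict for one FRST entry, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
    e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
    e["size"] = int(e["size"])
    e["flags"] = {ATTR_NAMES.get(c, c) for c in e["attrs"] if c != "_"}
    e["name"] = e["path"].rsplit("\\", 1)[-1]
    return e


def parse_fixlist(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def suspicious_reasons(e):
    """Heuristic flags (assumptions of this example) for one entry."""
    reasons = []
    parent = e["path"].rsplit("\\", 1)[0].lower()
    if parent.endswith("\\appdata\\roaming") and "directory" in e["flags"]:
        reasons.append("top-level directory under AppData\\Roaming")
    if {"hidden", "system"} <= e["flags"]:
        reasons.append("hidden+system attributes")
    if e["created"] > e["modified"]:
        # A creation time newer than the last write means the object was
        # copied in with its old timestamp kept, or the timestamp was forged.
        reasons.append("created after last modified")
    return reasons


def cluster_by_creation(entries):
    """Group names by creation minute; a dropper creates its dirs in one go."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["created"].strftime("%Y-%m-%d %H:%M")].append(e["name"])
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    entries = parse_fixlist(FIXLIST)
    for e in entries:
        print(e["name"], sorted(e["flags"]), suspicious_reasons(e))
    print(cluster_by_creation(entries))
```

Run against the five entries, the two clusters (Itum/Ymam at 21:36 on 24 October, Vaoqfe/Ilhyu at 21:34 on 23 October) fall out of the creation minutes alone, and ehdduirh is the only entry that trips all three checks.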


#11 padjr (Topic Starter, Members, 19 posts)

Posted 15 November 2014 - 01:17 PM

And here is the ESETScan log.

 

---------------------------------------------

C:\Users\JP\Documents\IP Cam\IP-Cam 1\Tools\Upgrade_tool\HFS.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application 
C:\Users\JP\Documents\IP Cam\IP-Cam 2\Tools\Upgrade_tool\HFS.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application 
C:\Users\JP\Downloads\dap10i_dca4663d3a_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application 
C:\Any Video\avc-free.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Documents and Settings\JP\Documents\IP Cam\IP-Cam 1\Tools\Upgrade_tool\HFS.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application deleted - quarantined
C:\Documents and Settings\JP\Documents\IP Cam\IP-Cam 2\Tools\Upgrade_tool\HFS.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application deleted - quarantined
C:\Documents and Settings\JP\Downloads\dap10i_dca4663d3a_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application deleted - quarantined
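The Emsisoft and ESET logs in the two posts above name the same files in different ways: ESET lists HFS.exe and the DAP installer both under C:\Users\JP and under C:\Documents and Settings\JP, and on Vista and later the latter is a compatibility junction to the former, so the "deleted - quarantined" lines refer to the very files the C:\Users lines report. The following Python, added here and not part of the thread or of either vendor's tooling, parses both log formats, folds junction aliases onto one canonical path, and separates riskware/PUA hits (a decision for the owner) from malware hits. The sample lines are copied from the posts; the junction table and the category rule are assumptions of this example.

```python
r"""Merge Emsisoft and ESET detections by the file they actually refer to.

Added example; not part of the thread and not code from either vendor. The
sample lines are copied from the two logs above. Assumptions: on Vista and
later "C:\Documents and Settings" is a compatibility junction to "C:\Users",
so a scanner that follows it reports the same file twice; and anything a
scanner labels riskware / potentially unsafe / potentially unwanted is a
human decision rather than an automatic removal.
"""
import re
from collections import defaultdict

# Emsisoft Emergency Kit detection: "<path>  detected: <threat> (<engine letter>)"
EMSISOFT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+detected: (?P<threat>.+?) \([A-Z]\)\s*$")
# Emsisoft action line: "<path> Quarantined <threat> (<engine letter>)"
EMSISOFT_ACTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<action>Quarantined) (?P<threat>.+?) \([A-Z]\)\s*$")
# ESET Online Scanner: "<path> <threat> potentially unsafe|unwanted application [deleted - quarantined]"
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w{2,4}) (?P<threat>.+?) "
    r"(?P<cls>potentially (?:unsafe|unwanted) application)"
    r"(?: (?P<action>deleted - quarantined))?\s*$"
)
PARSERS = (("emsisoft", EMSISOFT_RE), ("emsisoft", EMSISOFT_ACTION_RE), ("eset", ESET_RE))

# Assumed path aliases: the Vista+ compatibility junction (lower-cased).
JUNCTIONS = {"c:\\documents and settings\\": "c:\\users\\"}

# Constructed input: detection lines copied from the two posts above.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\ProgramData\3E29E6B4.cpp.xBAD  detected: Gen:Variant.Kazy.486824 (B)
C:\Users\JP\Documents\IP Cam\IP-Cam 1\Tools\Upgrade_tool\HFS.exe  detected: Riskware.Win32.Server-Web.HFS (A)
C:\Users\JP\Documents\IP Cam\IP-Cam 2\Tools\Upgrade_tool\HFS.exe  detected: Riskware.Win32.Server-Web.HFS (A)
C:\FRST\Quarantine\C\ProgramData\3E29E6B4.cpp.xBAD Quarantined Gen:Variant.Kazy.486824 (B)
C:\Users\JP\Documents\IP Cam\IP-Cam 1\Tools\Upgrade_tool\HFS.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application
C:\Users\JP\Documents\IP Cam\IP-Cam 2\Tools\Upgrade_tool\HFS.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application
C:\Users\JP\Downloads\dap10i_dca4663d3a_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application
C:\Any Video\avc-free.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Documents and Settings\JP\Documents\IP Cam\IP-Cam 1\Tools\Upgrade_tool\HFS.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application deleted - quarantined
C:\Documents and Settings\JP\Documents\IP Cam\IP-Cam 2\Tools\Upgrade_tool\HFS.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application deleted - quarantined
C:\Documents and Settings\JP\Downloads\dap10i_dca4663d3a_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application deleted - quarantined
"""


def canonical(path):
    """Lower-case the path and resolve the known junction aliases."""
    p = path.lower()
    for alias, target in JUNCTIONS.items():
        if p.startswith(alias):
            p = target + p[len(alias):]
    return p


def category(threat, cls):
    """Riskware/PUA needs a human decision; everything else is malware."""
    if cls or threat.lower().startswith("riskware."):
        return "pua/riskware"
    return "malware"


def triage(lines):
    """Group detections by canonical file; return {canonical path: finding}."""
    findings = defaultdict(lambda: {"raw_paths": set(), "engines": set(),
                                    "threats": set(), "actions": set(),
                                    "category": None})
    for line in lines:
        for engine, rx in PARSERS:
            m = rx.match(line.strip())
            if not m:
                continue
            d = m.groupdict()
            f = findings[canonical(d["path"])]
            f["raw_paths"].add(d["path"])
            f["engines"].add(engine)
            f["threats"].add(d["threat"])
            cat = category(d["threat"], d.get("cls"))
            # One malware verdict outranks any number of PUA verdicts.
            f["category"] = "malware" if "malware" in (f["category"], cat) else cat
            if d.get("action"):
                f["actions"].add(d["action"])
            break
    return dict(findings)


def needs_human_review(findings):
    """Canonical paths the owner has to decide on rather than auto-remove."""
    return sorted(p for p, f in findings.items() if f["category"] == "pua/riskware")


if __name__ == "__main__":
    for path, f in triage(SAMPLE_LOG.splitlines()).items():
        print(f["category"], sorted(f["engines"]), len(f["raw_paths"]), sorted(f["actions"]), path)
```

Eleven log lines collapse to five files. The two HFS.exe copies are seen by both engines under two names each, and the only "deleted - quarantined" action recorded against them is the one ESET took through the junction path, which is worth knowing before deciding the detections were harmless.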



#12 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,070 posts)

Posted 15 November 2014 - 04:25 PM

Hi padjr,
 
Your version of Java is out of date. Older versions of programs have vulnerabilities that malicious sites can use to exploit and infect your system.

You may want to read these before you update, as most users do not use Java and have no need for it to be on their computer:
You don't need Java
W3Techs usage statistics and market share data of Java on the web
 
If you want to use Java, then please follow these steps to remove older version Java components and update:

  • Download the latest version of Java and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Java in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run as Administrator.
  • When the Java Setup - Welcome window opens, click the Install button.
  • If offered any unwanted software or toolbars during installation (such as the Ask Toolbar); just uncheck the box before continuing unless you want it.
  • Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature, and you will not have to remember to update when Java releases a new version.

xXToffeeXx~




#13 padjr (Topic Starter, Members, 19 posts)

Posted 17 November 2014 - 11:55 PM

I uninstalled the old Java, got the new one, I'll install it when something asks for it.  I also uninstalled the 57xx SteelVine because it kept hammering away at my internet connection for no reason, it was for an external drive bay that wasn't even being used.  Don't know what got into it, so it's gone now.  Looks like we are about done here, all is running great now.  Thanks for all your help.  I'm going to clean things up a little, then clone this one so next time I can just reimage back to a good OS.  Thanks again.

 

Jim



#14 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,070 posts)

Posted 18 November 2014 - 01:23 PM

Hi padjr,
 
Glad to hear everything is running well. It looks like we are done now :)
 
Your machine is clean! Feel free to enjoy the use of your cleaned computer. Please take the time to follow this last post which tells you how to remove the tools we have used and how to keep your computer clean :thumbsup:
 
---------------
 
Download Delfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
 
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.
 
--------------
 
Also, feel free to delete any leftover desktop icons and other various files which have been created throughout the process.
 
---------------
 
I have also compiled a list of links which you may be interested in:

This topic will be left open for 3 days in case you have any problems, otherwise it will be closed after that time.
 
xXToffeeXx~




#15 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,070 posts)

Posted 23 November 2014 - 11:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
