Multiple false "Google Chrome" .exe *32


This topic is locked
36 replies to this topic

#1 kkpadilla (Members, 19 posts)

Posted 12 November 2014 - 02:44 AM

Hello,

I must have downloaded something when I was updating some programs on my computer and now all my processing power is being drained by an executable called vygqpcatvx.exe *32 with the description of Google Chrome that keeps multiplying itself. I do not have Google Chrome downloaded onto my computer. Trying to shut down the processes through Windows Task Manager or by deleting the folders and files doesn't do any good because it simply reappears and starts multiplying quicker than it can be deleted.

Scanning with Malwarebytes catches about 40 threats and then requests a restart. Upon restarting, the computer seems to be fine initially and then eventually this "Google Chrome" .exe starts to multiply and take over all my processing power, making the computer very slow.

I don't know how to remove this problem from my computer. I've included the log as you've requested.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Karen at 23:29:09 on 2014-11-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3701 [GMT -8:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe
C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
uRun: [AdobeBridge] <no file>
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SteelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition] "C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.11.1
TCP: Interfaces\{8C974505-CB1C-4EB6-B718-43EC7FC2B261} : DHCPNameServer = 192.168.11.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-BHO: {46575637-0076-A76A-76A7-7A786E7484D7} - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-RunOnce: [DCERegBootClean64] C:\Windows\RegBootClean64.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\etlqrrkj.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Karen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 489ad66e00000000000020cf3057325b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15871
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.520:54:31
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120006
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-12-28 14136]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-11-12 07:26:03 21528 ----a-w- C:\Windows\DCEBoot64.exe
2014-11-12 06:05:01 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-12 06:04:42 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-12 06:04:42 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-12 06:04:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-12 06:04:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 21:37:59 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-17 21:36:40 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-17 21:36:40 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2014-11-12 07:28:28 231960 ----a-w- C:\Windows\RegBootClean64.exe
2014-11-12 03:15:28 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 03:15:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2012-06-13 00:26:21 18199256 ----a-w- C:\Program Files (x86)\LivestreamProcaster.exe
2012-02-17 04:27:12 16843752 ----a-w- C:\Program Files (x86)\Procaster.exe
2011-08-06 02:00:32 1606656 ----a-w- C:\Program Files\SteamInstall.msi
2011-04-27 19:40:50 670992 ----a-w- C:\Program Files\RealPlayer.exe
2010-12-02 01:31:25 82815784 ----a-w- C:\Program Files\iTunes64Setup.exe
.
============= FINISH: 23:33:46.29 ===============
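The DDS log above shows the pattern a triager looks for: one image (vygqpcatvx.exe) running many copies from a user-writable AppData\LocalLow path, plus regsvr32.exe and cscript.exe running with no visible purpose. The following is an added example, not part of DDS, RogueKiller or the original post: two small heuristics run over sample lines. The process lines are taken from this thread's DDS log; the registry lines mimic the RogueKiller "Registry" output that appears later in the thread (the Run key that uses regsvr32.exe to load Pyphsvvd.dll) plus one constructed benign entry. The LOLBin list, the trusted-root list and the copy threshold are my assumptions, not anything the tools define.

```python
"""Triage heuristics for a DDS 'Running Processes' list and RogueKiller
'Registry' lines.  Added example for this thread, not code from DDS,
RogueKiller or the original poster; sample lines are constructed from the
thread's logs."""
import re
from collections import Counter

# Anything under a user profile is writable without admin rights, so a
# process image there is the first thing to look at.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\", re.IGNORECASE
)
# Vendor roots where many concurrent copies of one image are normal (svchost).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Signed Windows binaries commonly used as loaders from Run keys (assumed list).
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "cscript.exe", "wscript.exe"}

IMAGE = re.compile(r"^(?P<image>[A-Za-z]:\\.+?\.exe)(?:\s|$)", re.IGNORECASE)
# RogueKiller registry line:  ...\Run | <name> : <value>  -> Found
RUN_LINE = re.compile(
    r"\\Run(?:Once)?\s*\|\s*(?P<name>[^:]+?)\s*:\s*(?P<value>.+?)\s*->", re.IGNORECASE
)
DLL_ARG = re.compile(r'"?(?P<dll>[A-Za-z]:\\[^"]+?\.dll)"?', re.IGNORECASE)


def triage_processes(lines, min_copies=3):
    """Return sorted (image, copies, reasons) for suspicious DDS process lines."""
    images = []
    for raw in (l.strip() for l in lines):
        if not raw or raw[0] in ".=":          # skip blank, '.' and '====' lines
            continue
        m = IMAGE.match(raw)
        images.append(m.group("image") if m else raw)   # drop '-k ...' arguments
    findings = []
    for image, copies in Counter(images).items():
        reasons = []
        if USER_WRITABLE.search(image):
            reasons.append("image under user-writable AppData")
        if copies >= min_copies and not image.lower().startswith(TRUSTED_ROOTS):
            reasons.append(f"{copies} concurrent copies outside vendor roots")
        if image.rsplit("\\", 1)[-1].lower() in LOLBINS:
            reasons.append("LOLBin running: check Run keys for the DLL/script it loads")
        if reasons:
            findings.append((image, copies, reasons))
    return sorted(findings)


def triage_run_keys(lines):
    """Return (name, loader, dll) for Run-key entries where a LOLBin loads a
    DLL from a user-writable path."""
    findings = []
    for line in lines:
        m = RUN_LINE.search(line)
        if not m:
            continue
        value = m.group("value")
        loader = value.split()[0].strip('"').rsplit("\\", 1)[-1].lower()
        dll = DLL_ARG.search(value)
        if loader in LOLBINS and dll and USER_WRITABLE.search(dll.group("dll")):
            findings.append((m.group("name"), loader, dll.group("dll")))
    return findings


# Constructed sample: a subset of the DDS 'Running Processes' block above.
SAMPLE_PROCESSES = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
C:\Windows\System32\cscript.exe
""".splitlines()

# Constructed sample in RogueKiller's format; the first line is the Run key
# reported later in this thread, the last is a benign entry for contrast.
SAMPLE_REGISTRY = r"""
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Run | Pyphsvvd : regsvr32.exe /s "C:\Users\Karen\AppData\Local\Downloaded Installations\Pyphsvvd.dll"  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.example.invalid/  -> Found
[Constructed] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Adobe ARM : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"  -> Found
""".splitlines()

if __name__ == "__main__":
    for image, copies, reasons in triage_processes(SAMPLE_PROCESSES):
        print(f"{copies:2d}x {image}\n     " + "; ".join(reasons))
    for name, loader, dll in triage_run_keys(SAMPLE_REGISTRY):
        print(f"Run key {name!r}: {loader} loads {dll}")
```

The two checks are deliberately independent: the process heuristic explains why Task Manager kills do not stick (many copies, each respawning the others), and the Run-key heuristic finds the loader that recreates them after a reboot, which is why a Malwarebytes scan plus restart only helped briefly.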

#2 satchfan (Malware Response Team, 2,660 posts, Devon, UK)

Posted 12 November 2014 - 03:25 AM

Hello kkpadilla and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download one of these to your desktop:

for a 32-bit system download this version.
for 64-bit use this one.

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects; not everything that is reported is necessarily bad

If the program is blocked, continue to try it several times. If it still doesn't work (it can happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

AdwCleaner log
RKreport.txt
FRST.txt
Addition.txt


Thanks

Satchfan

#3 kkpadilla (Topic Starter, Members, 19 posts)

Posted 12 November 2014 - 01:12 PM

As requested, I am attaching or posting logs.

Additionally, I think it's worth noting that I wasn't able to download RogueKiller (x64) from your link. It gave me a DNS error in the browser window so I went directly to Geekstogo's website for the program.


RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Karen [Administrator]
Mode : Scan -- Date : 11/12/2014  09:46:30

¤¤¤ Processes : 10 ¤¤¤
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 24 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Run | Pyphsvvd : regsvr32.exe /s "C:\Users\Karen\AppData\Local\Downloaded Installations\Pyphsvvd.dll"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Run | Pyphsvvd : regsvr32.exe /s "C:\Users\Karen\AppData\Local\Downloaded Installations\Pyphsvvd.dll"  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bleepingcomputer.com/forums/t/555806/multiple-false-google-chrome-exe-32/#entry3535360  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bleepingcomputer.com/forums/t/555806/multiple-false-google-chrome-exe-32/#entry3535360  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 48 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sjc0.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.newoa
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.ntp
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.ipp
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 hl2rcv.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adobeereg.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 crl.verisign.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 CRL.VERISIGN.NET
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ood.opsource.net

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] a35a01c72f8ed5e3f4186fd97eedcb69
[BSP] bbd03bb970a2297f3fe3ab37e0192d27 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Karen (administrator) on KAREN-PC on 12-11-2014 09:54:02
Running from C:\Users\Karen\Desktop
Loaded Profile: Karen (Available profiles: Karen & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
() C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Program Files (x86)\Adobe\Adobe Fireworks CS5.1\Configuration\Win\Shared\AdobeAIR\SDK\lib\nai\lib\sea.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Google Inc.) C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295072 2013-01-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [SteelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition] => C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe [1945600 2011-10-03] ()
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3856729299-96052416-3353975826-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3856729299-96052416-3353975826-1000\...\Run: [Pyphsvvd] => regsvr32.exe /s "C:\Users\Karen\AppData\Local\Downloaded Installations\Pyphsvvd.dll" <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/555806/multiple-false-google-chrome-exe-32/#entry3535360
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x46D9FED35174CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKCU - {5F39D352-EE68-4FC2-8DF8-26FBEB3B57AC} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: No Name -> {46575637-0076-A76A-76A7-7A786E7484D7} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Oracle)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF ProfilePath: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\etlqrrkj.default
FF NewTab: hxxp://www.outfox.tv?referid=180
FF DefaultSearchEngine: Yahoo
FF DefaultSearchUrl:
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3856729299-96052416-3353975826-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3856729299-96052416-3353975826-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3856729299-96052416-3353975826-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Performance Cache - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\etlqrrkj.default\Extensions\ejxryvdrwi@ejxryvdrwi.org.xpi [2012-03-18]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\etlqrrkj.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-14]
FF Extension: Mozilla Framework Assistant - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\etlqrrkj.default\Extensions\{5a350454-41ac-49ad-9519-8d9baa096146}.xpi [2013-02-03]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-01-16]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-04-24]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Oracle)
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Profile: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-02]
CHR Extension: (Google Drive) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
CHR Extension: (YouTube) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-02]
CHR Extension: (Google Search) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-02]
CHR Extension: (RealDownloader) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-02]
CHR Extension: (Gmail) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-27] () [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U4 Audeasy; No ImagePath
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-31] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R3 SSMO4Filter; C:\Windows\System32\drivers\MO4Driver.sys [21504 2011-07-27] (Sagatek Co. Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-12] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S3 WRfiltv; C:\Windows\System32\drivers\WRfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [X]
U2 TMAgent; No ImagePath
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 09:54 - 2014-11-12 09:55 - 00030909 _____ () C:\Users\Karen\Desktop\FRST.txt
2014-11-12 09:53 - 2014-11-12 09:54 - 00000000 ____D () C:\FRST
2014-11-12 09:53 - 2014-11-12 09:53 - 02116096 _____ (Farbar) C:\Users\Karen\Desktop\FRST64.exe
2014-11-12 09:51 - 2014-11-12 09:51 - 00010161 _____ () C:\Users\Karen\Desktop\RKreport_SCN_11122014_094630.log
2014-11-12 09:33 - 2014-11-12 09:33 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-12 09:33 - 2014-11-12 09:33 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-12 09:32 - 2014-11-12 09:32 - 17528920 _____ () C:\Users\Karen\Desktop\RogueKillerX64.exe
2014-11-12 09:24 - 2014-11-12 09:24 - 00011362 _____ () C:\Users\Karen\Desktop\AdwCleaner[S0].txt
2014-11-12 09:14 - 2014-11-12 09:18 - 00000000 ____D () C:\AdwCleaner
2014-11-12 09:14 - 2014-11-12 09:14 - 02140160 _____ () C:\Users\Karen\Desktop\adwcleaner_4.101.exe
2014-11-12 09:13 - 2014-11-12 09:13 - 00000000 __SHD () C:\Users\Karen\AppData\Local\EmieBrowserModeList
2014-11-12 09:09 - 2014-11-12 09:23 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3856729299-96052416-3353975826-1000
2014-11-12 09:09 - 2014-11-12 09:23 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3856729299-96052416-3353975826-1000
2014-11-12 09:01 - 2014-11-12 09:19 - 00001074 _____ () C:\Windows\DCEBOOT.RST
2014-11-12 09:01 - 2014-11-12 09:19 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-11-11 23:33 - 2014-11-11 23:34 - 00021729 _____ () C:\Users\Karen\Desktop\dds.txt
2014-11-11 23:33 - 2014-11-11 23:34 - 00010252 _____ () C:\Users\Karen\Desktop\attach.txt
2014-11-11 23:26 - 2014-11-12 09:06 - 00021528 _____ () C:\Windows\DCEBoot64.exe
2014-11-11 23:21 - 2014-11-11 23:21 - 00688992 _____ (Swearware) C:\Users\Karen\Downloads\dds.com
2014-11-11 22:05 - 2014-11-11 23:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 22:04 - 2014-11-11 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 22:04 - 2014-11-11 22:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 22:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 22:04 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-11 22:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-11 15:10 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 15:10 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 15:10 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 15:10 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 15:10 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 15:10 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 15:10 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 15:10 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 15:10 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 15:10 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 15:10 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 15:10 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 15:10 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 15:10 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 15:10 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 15:10 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 15:10 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 15:10 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 15:10 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 15:10 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 15:10 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 15:10 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 15:10 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 15:10 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 15:10 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 15:10 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 15:10 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 15:10 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 15:10 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 15:10 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 15:10 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 15:10 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 15:10 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 15:10 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 15:10 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 15:10 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 15:10 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 15:10 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 15:10 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 15:10 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 15:10 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 15:10 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 15:10 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 15:10 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 15:10 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 15:10 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 15:10 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 15:10 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 15:10 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 15:10 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 15:10 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 15:10 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 15:10 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 15:10 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 15:10 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 15:10 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 15:10 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 15:10 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 15:10 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 15:10 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 15:10 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 15:10 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 15:10 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 15:10 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 15:10 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 15:10 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 15:10 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 15:10 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 15:09 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 15:09 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 15:09 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 15:09 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 15:09 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 15:09 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 15:09 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 15:09 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 15:09 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 15:09 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 15:09 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 15:09 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 15:09 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 15:09 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 15:09 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 15:09 - 2014-09-19 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 15:09 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 15:09 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 15:09 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 15:09 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 15:09 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 15:09 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 15:09 - 2014-09-19 01:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 15:09 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 15:09 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 15:09 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 15:09 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 15:09 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 15:09 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 15:09 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 15:09 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 15:09 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 15:09 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 15:09 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 15:09 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 13:07 - 2014-11-11 13:07 - 00196275 _____ () C:\Users\Karen\Downloads\GTFO-4.35.2.zip
2014-11-11 13:04 - 2014-11-11 13:04 - 03386133 _____ () C:\Users\Karen\Downloads\WeakAuras-2.0.9.7.zip
2014-11-11 12:59 - 2014-11-11 12:59 - 00345045 _____ () C:\Users\Karen\Downloads\Omen-v3.1.9.zip
2014-11-11 12:55 - 2014-11-11 12:55 - 00017931 _____ () C:\Users\Karen\Downloads\_Cursor-6.0.2.1.zip
2014-11-11 12:54 - 2014-11-11 12:54 - 01955596 _____ () C:\Users\Karen\Downloads\DBM-Core-6.0.4.zip
2014-11-11 12:53 - 2014-11-11 12:53 - 00226209 _____ () C:\Users\Karen\Downloads\_NPCScan.Overlay-6.0.3.1.zip
2014-11-11 12:52 - 2014-11-11 12:52 - 00253087 _____ () C:\Users\Karen\Downloads\_NPCScan-6.0.3.1.zip
2014-11-11 12:51 - 2014-11-11 12:51 - 00389314 _____ () C:\Users\Karen\Downloads\Recount-r1276.zip
2014-11-11 12:47 - 2014-11-11 12:47 - 00678052 _____ () C:\Users\Karen\Downloads\TitanPanel-5.3.3.60000.zip
2014-11-09 12:24 - 2014-11-11 19:09 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3856729299-96052416-3353975826-1000
2014-11-09 12:24 - 2014-11-11 19:09 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3856729299-96052416-3353975826-1000
2014-10-21 16:26 - 2014-10-21 16:26 - 00000421 _____ () C:\Users\Karen\Downloads\champignon (2)-ZIPReader.log
2014-10-21 16:26 - 2014-10-21 16:26 - 00000000 ____D () C:\Users\Karen\Downloads\champignon (2)
2014-10-21 16:26 - 2014-10-21 16:26 - 00000000 ____D () C:\Users\Karen\Downloads\champignon
2014-10-21 16:22 - 2014-10-21 16:22 - 00055903 _____ () C:\Users\Karen\Downloads\champignon.zip
2014-10-21 12:00 - 2014-10-22 13:32 - 00000000 ____D () C:\Users\Karen\Documents\NMND 2014
2014-10-17 13:38 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 13:38 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 13:38 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 13:38 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 13:38 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 13:38 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 13:37 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 13:37 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 13:37 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 13:37 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 13:37 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 13:37 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 13:37 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 13:37 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 13:37 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 13:37 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 13:37 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 13:37 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 13:37 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 09:34 - 2009-07-13 20:45 - 00024416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 09:34 - 2009-07-13 20:45 - 00024416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 09:29 - 2010-10-24 07:55 - 01833698 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 09:19 - 2013-11-21 18:59 - 00265432 _____ () C:\Windows\PFRO.log
2014-11-12 09:19 - 2013-02-15 19:53 - 00106649 _____ () C:\Windows\setupact.log
2014-11-12 09:19 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 09:15 - 2012-04-08 13:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 09:04 - 2009-07-13 20:45 - 04951008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 09:01 - 2014-05-09 20:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-11 23:53 - 2013-08-14 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 23:51 - 2010-10-24 08:04 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 23:28 - 2012-12-03 11:38 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-11-11 23:17 - 2009-07-13 21:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 23:10 - 2011-08-05 19:11 - 00000000 __SHD () C:\Windows\ftpcache
2014-11-11 23:00 - 2014-01-18 19:49 - 00000000 ____D () C:\Users\Karen\AppData\Local\Battle.net
2014-11-11 22:04 - 2011-12-21 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 19:15 - 2012-04-08 13:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 19:15 - 2012-04-08 13:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 19:15 - 2011-08-05 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 18:34 - 2010-10-25 06:21 - 00000000 ____D () C:\Users\Karen\AppData\Local\Downloaded Installations
2014-11-09 13:01 - 2010-10-24 08:17 - 00000000 ____D () C:\World of Warcraft
2014-11-06 21:53 - 2012-11-20 09:22 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\SoftGrid Client
2014-11-06 21:53 - 2012-02-19 16:48 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Skype
2014-11-06 19:00 - 2012-01-27 19:50 - 00000132 _____ () C:\Users\Karen\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-11-05 18:26 - 2014-01-18 19:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-05 18:26 - 2013-06-10 11:33 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-11-05 17:52 - 2013-02-20 19:02 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-11-05 17:51 - 2014-01-18 19:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-31 09:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-21 16:26 - 2010-11-21 11:40 - 00079280 _____ () C:\Users\Karen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 14:23 - 2010-12-20 20:08 - 00000000 ____D () C:\Users\Karen\AppData\Local\Adobe
2014-10-17 14:52 - 2014-09-12 09:15 - 00000000 ____D () C:\Users\Karen\Documents\ArcheAge
2014-10-17 14:44 - 2013-12-31 10:15 - 00000000 ____D () C:\Users\Karen\Desktop\cover letters
2014-10-17 13:53 - 2011-08-05 18:01 - 00000000 ____D () C:\Program Files (x86)\Steam

Some content of TEMP:
====================
C:\Users\Karen\AppData\Local\Temp\AcDeltree.exe
C:\Users\Karen\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Karen\AppData\Local\Temp\htmlayout.dll
C:\Users\Karen\AppData\Local\Temp\oi_{37BFDD14-6015-4BE0-9C15-8BB1B021D392}.exe
C:\Users\Karen\AppData\Local\Temp\Quarantine.exe
C:\Users\Karen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Karen\AppData\Local\Temp\sqlite3.dll
C:\Users\Karen\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Karen\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Karen\AppData\Local\Temp\uninst1.exe
C:\Users\Karen\AppData\Local\Temp\uninstall27581101.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2014-11-06 21:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Karen at 2014-11-12 10:01:29
Running from C:\Users\Karen\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Internet Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Internet Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3856729299-96052416-3353975826-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.0.20110628 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Amazon Kindle (HKU\S-1-5-21-3856729299-96052416-3353975826-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-3856729299-96052416-3353975826-1000\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk 3ds Max 2013 64-bit (HKLM\...\Autodesk 3ds Max 2013 64-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Essential Skills Movies for 3ds Max 2013 64-bit (HKLM\...\{7EDE5B68-1FB0-405D-88F0-A34236002DA8}) (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit) (Version:  - Autodesk)
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit) (Version:  - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2013 64-bit (HKLM\...\{696BB53C-28E6-1664-974E-D42FFF5B8E04}) (Version: 15.0 - Autodesk)
Autodesk MatchMover 2013 64-bit (HKLM\...\{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}) (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Maya 2013 64-bit (HKLM\...\Autodesk Maya 2013 64-bit) (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Autodesk Mudbox 2013 64-bit (HKLM\...\Autodesk Mudbox 2013 64-bit) (Version: 7.0.0.602 - Autodesk)
Autodesk Mudbox 2013 64-bit (Version: 7.0.0.602 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (HKLM\...\{06E18300-BB64-1664-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk)
Autodesk SketchBook Pro 6.0.1 (HKLM-x32\...\{783C27F9-EF0B-4B81-8464-8592AE8CB5B8}) (Version: 6.01.0000 - Autodesk)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BlackBerry Desktop Software 4.6 (HKLM-x32\...\BlackBerry_{7CB1E63B-C999-4D17-8133-E138F41D9ECF}) (Version: 4.6.0.13 - Research In Motion Ltd.)
BlackBerry Desktop Software 4.6 (x32 Version: 4.6.0.13 - Research In Motion Ltd.) Hidden
bodybugg Software (HKLM-x32\...\InstallShield_{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}) (Version: 9.0.1.847 - BodyMedia, Inc.)
bodybugg Software (x32 Version: 9.0.1.847 - BodyMedia, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Boson Exam Environment (HKLM-x32\...\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}) (Version: 1.5.5 - Boson Software, LLC)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Combined Community Codec Pack 2012-12-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2012.12.30.0 - CCCP Project)
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}) (Version: 0.92.79 - Dotjosh Studios)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
Eets Munchies (HKLM-x32\...\Steam App 214550) (Version:  - )
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Perfection V33/V330 Photo Scanner Driver Update (HKLM-x32\...\{3B03E732-6150-4D0A-849F-C6F4141EA78C}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith )
F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version:  - Monolith)
F.E.A.R. 3 (HKLM-x32\...\Steam App 21100) (Version:  - Day 1 Studios)
Fallout (HKLM-x32\...\Steam App 38400) (Version:  - Interplay Inc.)
Fallout 2 (HKLM-x32\...\Steam App 38410) (Version:  - Black Isle Studios)
Fallout Tactics (HKLM-x32\...\Steam App 38420) (Version:  - 14° East)
FINAL FANTASY XI (HKLM-x32\...\InstallShield_{678F6475-D227-432A-94FF-806178A34520}) (Version: 1.010.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI (x32 Version: 1.010.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Chains of Promathia (HKLM-x32\...\InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}) (Version: 1.27.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Chains of Promathia (x32 Version: 1.27.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Rise of the Zilart (HKLM-x32\...\InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}) (Version: 1.18.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Rise of the Zilart (x32 Version: 1.18.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Treasures of Aht Urhgan (HKLM-x32\...\InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}) (Version: 1.35.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Treasures of Aht Urhgan (x32 Version: 1.35.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Wings of the Goddess (HKLM-x32\...\InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}) (Version: 1.42.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Wings of the Goddess (x32 Version: 1.42.0 - SQUARE ENIX CO., LTD.) Hidden
Flixster (HKU\S-1-5-21-3856729299-96052416-3353975826-1000\...\cde6baecc037497b) (Version: 2.2.0.301 - Flixster)
Freemake Video Converter version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation)
FrostWire 5.6.2 (HKLM-x32\...\FrostWire 5) (Version: 5.6.2.1 - FrostWire Team)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Human Japanese 2.0 (HKLM-x32\...\{61174B54-26FC-48F3-AF5C-7C9B9A9E9A8C}) (Version: 2.0.2 - Brak Software)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Java™ 6 Update 37 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
LIMBO Demo (HKLM-x32\...\Steam App 48010) (Version:  - )
Livestream Procaster (HKLM-x32\...\{2515EAA9-AE9F-4F0A-8301-B40034838B8A}) (Version: 20.3.0 - Procaster)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media converter (HKLM-x32\...\{729E66B3-1B80-4F3F-8D19-342A89631E1A}_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySpeed ActiveX v3.7.4 (HKLM-x32\...\{E7DA43AB-45A2-45FB-B0DB-5AB0D0E6BC25}) (Version: 3.07.0070 - Enounce Incorporated)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PlayOnline Viewer & Tetra Master (HKLM-x32\...\InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.)
PlayOnline Viewer & Tetra Master (x32 Version: 1.18.00 - SQUARE ENIX CO., LTD.) Hidden
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version:  - Telltale Games)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RIFT (HKLM-x32\...\InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.)
RIFT (x32 Version: 1.0.0 - Trion Worlds, Inc.) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Solar 2 (HKLM-x32\...\Steam App 97000) (Version:  - Murudai)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
TestKing Q and A - Microsoft 70-680 (HKLM-x32\...\{58A4A0EC-A184-4545-B8E6-64BE22234110}) (Version: 1.0.0 - TestKing)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version:  - Snowblind Studios)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tomb Raider (VI): The Angel of Darkness (HKLM-x32\...\Steam App 225020) (Version:  - Core Design)
Tomb Raider I (HKLM-x32\...\Steam App 224960) (Version:  - Core Design)
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)
Tomb Raider: Chronicles (HKLM-x32\...\Steam App 225000) (Version:  - Core Design)
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version:  - Crystal Dynamics)
Tomb Raider: The Last Revelation (HKLM-x32\...\Steam App 224980) (Version:  - Core Design)
Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unity Web Player (HKU\S-1-5-21-3856729299-96052416-3353975826-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)
VASSAL (3.2.6) (HKLM-x32\...\VASSAL (3.2.6)) (Version: 3.2.6 - vassalengine.org)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual CertExam Suite (HKLM-x32\...\Visual CertExam Suite_is1) (Version:  - Avanset)
VitalSource Bookshelf (HKLM-x32\...\{ACBF0550-A317-4C22-AC93-0DDB73087412}) (Version: 6.01.0018 - Ingram Content Group)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6w3 - Wacom Technology Corp.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Winamp (HKLM-x32\...\Winamp) (Version: 5.622  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3856729299-96052416-3353975826-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}) (Version: 16.0.9691 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft® MMO Gaming Mouse: Legendary Edition (HKLM-x32\...\{AA909E80-DC40-4AF0-A693-376F9F1C8582}) (Version: 1.01.0015 - SteelSeries)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3856729299-96052416-3353975826-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points  =========================

12-11-2014 07:49:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2012-01-16 19:27 - 00001451 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com

There are 18 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E0037DA-8957-4371-8E73-0C528FFB2145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1FA1A961-0A39-4524-965E-865270BF1528} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3856729299-96052416-3353975826-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {29DC25FB-51A9-4C0D-85E6-37B0E9A0EDBC} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {2B8E4913-3588-4884-8737-CAF1B196F11B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3856729299-96052416-3353975826-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {3E938915-2905-46EE-9D52-32A1584143F4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3856729299-96052416-3353975826-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {504CF4D1-BCBA-4735-AE2F-F75E3B520D72} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3856729299-96052416-3353975826-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {73E1FD86-1C74-4D35-93C4-AA7381042908} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7530FFDF-497B-4ED3-8CCD-C6E1E2341DC8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3856729299-96052416-3353975826-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {80231422-486A-4F09-92BA-4797EA3E6614} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {8AD585B7-993D-4D43-81BA-158660740CE8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3856729299-96052416-3353975826-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {9085154B-7FCB-49DD-B823-C252BC57E811} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3856729299-96052416-3353975826-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BA014864-8FE5-4BF6-9F2E-E9CA66A3D9E2} - System32\Tasks\AdobeAAMUpdater-1.0-Karen-PC-Karen => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {C3DF91F8-53B4-4D80-AD93-D6177EAE207E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-21 21:04 - 2013-01-15 18:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2013-11-21 21:04 - 2013-04-01 20:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2013-11-21 21:04 - 2013-01-15 18:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2013-11-21 21:04 - 2012-12-18 12:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2013-11-21 21:04 - 2013-01-15 18:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2013-11-21 18:47 - 2013-07-23 07:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2011-09-14 20:19 - 2011-09-14 20:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-01-02 12:28 - 2013-06-06 09:31 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-11-21 12:18 - 2011-10-03 20:17 - 01945600 _____ () C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe
2011-11-21 12:18 - 2011-10-03 20:10 - 02552320 _____ () C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe
2011-03-14 21:17 - 2011-03-14 21:17 - 00129888 _____ () C:\Program Files (x86)\Adobe\Adobe Fireworks CS5.1\Configuration\Win\Shared\AdobeAIR\SDK\lib\nai\lib\sea.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-11 18:34 - 2014-11-11 18:23 - 00302080 _____ () C:\Users\Karen\AppData\Local\Downloaded Installations\Pyphsvvd.dll
2014-11-12 09:23 - 2014-11-12 09:23 - 00718152 _____ () C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\36.0.1985.143\libglesv2.dll
2014-11-12 09:23 - 2014-11-12 09:23 - 00126280 _____ () C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\36.0.1985.143\libegl.dll
2014-11-12 09:23 - 2014-11-12 09:23 - 08537928 _____ () C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\36.0.1985.143\pdf.dll
2014-11-12 09:23 - 2014-11-12 09:23 - 00353096 _____ () C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-11-12 09:23 - 2014-11-12 09:23 - 01732936 _____ () C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\36.0.1985.143\ffmpegsumo.dll
2014-11-12 09:23 - 2014-11-12 09:23 - 14669128 _____ () C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:4chsaFw3yuH2vpXtbC4x7xJlwNOX
AlternateDataStreams: C:\ProgramData\Microsoft:O80zhYuBAUb734eE13fAJqU
AlternateDataStreams: C:\Users\Karen\Cookies:hhMM0SjJImCaqKIs66qb

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89832702.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89832702.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SketchBook Snapshot.lnk => C:\Windows\pss\SketchBook Snapshot.lnk.CommonStartup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Karen\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Karen\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: SBAMTray => "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\Karen\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: siftiz => "C:\Windows\System32\rundll32.exe" "C:\Users\Karen\AppData\Roaming\siftiz.dll",ArithmeticError
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3856729299-96052416-3353975826-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3856729299-96052416-3353975826-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3856729299-96052416-3353975826-1002 - Limited - Enabled)
Karen (S-1-5-21-3856729299-96052416-3353975826-1000 - Administrator - Enabled) => C:\Users\Karen

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 09:30:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/12/2014 09:15:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/11/2014 11:21:53 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/11/2014 09:53:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.0.3.19116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 21b8

Start Time: 01cffe3c8a26df51

Termination Time: 73

Application Path: C:\World of Warcraft\Wow-64.exe

Report Id: 27a53ad8-6a30-11e4-89c3-20cf3057325b

Error: (11/11/2014 07:11:11 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/11/2014 06:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.0.3.19116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 325c

Start Time: 01cffe22acab1922

Termination Time: 651

Application Path: C:\World of Warcraft\Wow-64.exe

Report Id: 80e37a97-6a17-11e4-b16e-20cf3057325b

Error: (11/11/2014 06:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.0.3.19116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 192c

Start Time: 01cffdf3a4a763fe

Termination Time: 959

Application Path: C:\World of Warcraft\Wow-64.exe

Report Id: d535b1a5-6a15-11e4-b16e-20cf3057325b

Error: (11/11/2014 06:24:26 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEHistory cannot be loaded. Error description: The paging file is too small for this operation to complete.  (HRESULT : 0x800705af).

Error: (11/11/2014 00:15:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/06/2014 09:04:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (11/12/2014 09:20:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (11/12/2014 09:20:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (11/12/2014 09:18:35 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/12/2014 09:18:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/12/2014 09:18:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/12/2014 09:18:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/12/2014 09:18:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/12/2014 09:18:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/12/2014 09:18:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/12/2014 09:18:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/12/2014 09:30:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/12/2014 09:15:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/11/2014 11:21:53 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/11/2014 09:53:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.0.3.1911621b801cffe3c8a26df5173C:\World of Warcraft\Wow-64.exe27a53ad8-6a30-11e4-89c3-20cf3057325b

Error: (11/11/2014 07:11:11 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/11/2014 06:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.0.3.19116325c01cffe22acab1922651C:\World of Warcraft\Wow-64.exe80e37a97-6a17-11e4-b16e-20cf3057325b

Error: (11/11/2014 06:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.0.3.19116192c01cffdf3a4a763fe959C:\World of Warcraft\Wow-64.exed535b1a5-6a15-11e4-b16e-20cf3057325b

Error: (11/11/2014 06:24:26 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: IEHistoryThe paging file is too small for this operation to complete.  (HRESULT : 0x800705af)

Error: (11/11/2014 00:15:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/06/2014 09:04:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2013\python\lib\distutils\command\wininst-8_d.exe

CodeIntegrity Errors:
===================================
  Date: 2012-04-12 19:09:15.293
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-12 19:09:15.262
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-08-28 01:17:14.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\PlayOnline\SquareEnix\PlayOnlineViewer\polcfg\sysinfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-08-28 01:17:14.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\PlayOnline\SquareEnix\PlayOnlineViewer\polcfg\sysinfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 51%
Total physical RAM: 6135.12 MB
Available physical RAM: 2958.96 MB
Total Pagefile: 10147.77 MB
Available Pagefile: 7024.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:6.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5AD785DB)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4 satchfan (Malware Response Team, 2,660 posts, Devon, UK)
Posted 12 November 2014 - 06:08 PM

Before we continue I'd like you to run another scan.

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • doubleclick CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Satchfan

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 kkpadilla (Topic Starter, 19 posts)
Posted 12 November 2014 - 06:54 PM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\autodesk\wi\autodesk 3ds max 2013\x64\max\autodesk\3ds max 2013\maps\substance\textures\cracked_plaster.sbsar
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\autodesk\3ds max 2013\maps\substance\textures\cracked_plaster.sbsar
c:\program files\autodesk\maya2013\brushes\fun\cracks.mel
c:\program files\autodesk\maya2013\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2013\presets\nparticles\examples\crackegg.ma
c:\program files\autodesk\maya2013\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2013\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2013\resources\l10n\zh_cn\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2013\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2013\scripts\others\crackshatter.res.mel
c:\program files (x86)\adobe\adobe dreamweaver cs5.5\configuration\taglibraries\html\keygen.vtm
c:\program files (x86)\adobe\adobe flash catalyst cs5.5\plugins\com.adobe.thermo.core_1.5.0.308731\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class
c:\program files (x86)\common files\adobe\adobe contribute cs5.1\app\configuration\browsers\mozilla run time libraries\dist\idl\nsikeygenthread.idl
c:\program files (x86)\common files\adobe\adobe contribute cs5.1\app\configuration\browsers\mozilla run time libraries\dist\include\nsikeygenthread.h
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@jsrs 1.5\addons\jsrs_sonic_cracks.pbo
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@jsrs 1.5\addons\jsrs_sonic_cracks.pbo.jsrs15_v2.bisign
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@jsrs 1.5\addons\jsrs_sonic_cracks_c.pbo
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@jsrs 1.5\addons\jsrs_sonic_cracks_c.pbo.jsrs15_v2.bisign
c:\program files (x86)\steam\steamapps\common\castlecrashers\data\sounds\sound_frost_crackle.xma
c:\users\karen\documents\book\human_japanese_v2\crack\humanjapanese.exe
c:\users\karen\downloads\adobe photoshop cs 8.0\crack\adobelm.dll
c:\users\karen\downloads\adobe photoshop cs 8.0\crack\tw10122.dat
hosts 127.0.0.1 3dns.adobe.com
hosts 127.0.0.1 3dns-1.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-4.adobe.com
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com
hosts 127.0.0.1 activate.wip2.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 activate.wip4.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-1.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 ereg.wip.adobe.com
hosts 127.0.0.1 ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 ereg.wip4.adobe.com
hosts 127.0.0.1 hl2rcv.adobe.com
hosts 127.0.0.1 wip.adobe.com
hosts 127.0.0.1 wip1.adobe.com
hosts 127.0.0.1 wip2.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 www.wip.adobe.com
hosts 127.0.0.1 www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com
hosts 127.0.0.1 www.wip3.adobe.com
hosts 127.0.0.1 www.wip4.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 ood.opsource.net
scanner sequence 3.ZZ.11.LQNAHZ
 ----- EOF -----

#6 satchfan (Malware Response Team, 2,660 posts, Devon, UK)
Posted 13 November 2014 - 05:36 PM

You have a collection of illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.

Therefore, if you require further help I need you to uninstall all the illegal software that you have downloaded and installed. When you have done this, run CKScanner again and post a new log. If I don’t hear back from you in 24 hours this thread will be closed and no more help will be offered.

Satchfan

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 kkpadilla (Topic Starter, 19 posts)
Posted 13 November 2014 - 08:23 PM

I don't believe having FrostWire or uTorrent is considered illegal. If that is your policy, then I will remove them. I was updating my World of Warcraft mods when the virus was downloaded. Mods for the game are legal. I am not the only one who uses this computer, if you could tell me which programs to remove I would be happy to comply.



#8 kkpadilla (Topic Starter, 19 posts)
Posted 13 November 2014 - 10:57 PM

Someone from the forums helped me find the programs. I removed them but I can't find the host blocking to get rid of that part.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\autodesk\wi\autodesk 3ds max 2013\x64\max\autodesk\3ds max 2013\maps\substance\textures\cracked_plaster.sbsar
c:\program files\autodesk\3ds max 2013\maps\substance\textures\cracked_plaster.sbsar
c:\program files\autodesk\maya2013\brushes\fun\cracks.mel
c:\program files\autodesk\maya2013\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2013\presets\nparticles\examples\crackegg.ma
c:\program files\autodesk\maya2013\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2013\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2013\resources\l10n\zh_cn\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2013\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2013\scripts\others\crackshatter.res.mel
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@jsrs 1.5\addons\jsrs_sonic_cracks.pbo
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@jsrs 1.5\addons\jsrs_sonic_cracks.pbo.jsrs15_v2.bisign
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@jsrs 1.5\addons\jsrs_sonic_cracks_c.pbo
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@jsrs 1.5\addons\jsrs_sonic_cracks_c.pbo.jsrs15_v2.bisign
c:\program files (x86)\steam\steamapps\common\castlecrashers\data\sounds\sound_frost_crackle.xma
hosts 127.0.0.1 3dns.adobe.com
hosts 127.0.0.1 3dns-1.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-4.adobe.com
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com
hosts 127.0.0.1 activate.wip2.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 activate.wip4.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-1.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 ereg.wip.adobe.com
hosts 127.0.0.1 ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 ereg.wip4.adobe.com
hosts 127.0.0.1 hl2rcv.adobe.com
hosts 127.0.0.1 wip.adobe.com
hosts 127.0.0.1 wip1.adobe.com
hosts 127.0.0.1 wip2.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 www.wip.adobe.com
hosts 127.0.0.1 www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com
hosts 127.0.0.1 www.wip3.adobe.com
hosts 127.0.0.1 www.wip4.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 ood.opsource.net
scanner sequence 3.ZZ.11.OGBBB0
 ----- EOF -----

#9 satchfan (Malware Response Team, 2,660 posts, Devon, UK)
Posted 14 November 2014 - 03:36 AM

I don't believe having FrostWire or uTorrent is considered illegal
Having them on your computer may not be illegal but using them to gain access to copyrighted material IS.

hosts 127.0.0.1 3dns.adobe.com
hosts 127.0.0.1 3dns-1.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-4.adobe.com
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com
hosts 127.0.0.1 activate.wip2.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 activate.wip4.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-1.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 ereg.wip.adobe.com
hosts 127.0.0.1 ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 ereg.wip4.adobe.com
hosts 127.0.0.1 hl2rcv.adobe.com
hosts 127.0.0.1 wip.adobe.com
hosts 127.0.0.1 wip1.adobe.com
hosts 127.0.0.1 wip2.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 www.wip.adobe.com
hosts 127.0.0.1 www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com
hosts 127.0.0.1 www.wip3.adobe.com
hosts 127.0.0.1 www.wip4.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com

Why are these in your host file?

They are there to by-pass Adobe products activation. (AKA: Piracy)


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
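The hosts entries CKScanner listed are a recognisable fingerprint: dozens of a vendor's activation and registration hostnames pinned to 127.0.0.1 so the software can never phone home to check its licence. The file lives at C:\Windows\System32\drivers\etc\hosts, is only writable from an elevated prompt, and is also a favourite target of malware for redirecting security and update sites, so it is worth auditing mechanically rather than by eye. The script below is an added example and not part of the thread or of CKScanner or RogueKiller: it parses hosts-file text, separates the stock localhost mappings from every other name that has been redirected to a loopback or null address, groups those by registered domain, and builds a cleaned copy with the sinkhole lines removed. SAMPLE_HOSTS is constructed from a subset of the entries posted above; STOCK_NAMES and HOSTS_PATH are assumptions.

```python
"""Audit a Windows hosts file for sinkhole entries (added example).

Stock localhost mappings are kept; any other hostname mapped to a loopback
or unspecified address (127.0.0.1, ::1, 0.0.0.0) is reported and removed.
"""
import ipaddress
from collections import Counter
from pathlib import Path

# Live file location on Windows; reading it works unelevated, writing does not.
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Names that legitimately point at loopback (assumption: extend for your fleet).
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

# Constructed sample: the stock Windows entries plus a subset of the lines
# CKScanner reported in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 adobeereg.com   # trailing comment, ignored by the parser
127.0.0.1 practivate.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 ood.opsource.net
"""


def is_sinkhole_address(addr):
    """True for loopback (127/8, ::1) and unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text):
    """Return (address, hostname, line_number) for every mapping in the text."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not body:
            continue
        addr, *names = body.split()             # one address, one or more names
        entries.extend((addr, name.lower(), lineno) for name in names)
    return entries


def find_sinkholes(text):
    """Mappings that redirect a non-stock hostname to a loopback/null address."""
    return [e for e in parse_hosts(text)
            if is_sinkhole_address(e[0]) and e[1] not in STOCK_NAMES]


def registered_domain(name):
    """Crude last-two-labels grouping; good enough to show 'N names under adobe.com'."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def summarize(text):
    """Count sinkholed hostnames per registered domain."""
    return dict(Counter(registered_domain(n) for _, n, _ in find_sinkholes(text)))


def clean_hosts(text):
    """Return the hosts text with every sinkhole line removed.

    A line is dropped whole if any hostname on it is a sinkhole entry, so a
    line mixing 'localhost' with a redirected name is removed too; review the
    report before writing the result back.
    """
    bad_lines = {lineno for _, _, lineno in find_sinkholes(text)}
    kept = [raw for i, raw in enumerate(text.splitlines(), 1) if i not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    text = HOSTS_PATH.read_text() if HOSTS_PATH.exists() else SAMPLE_HOSTS
    for addr, name, lineno in find_sinkholes(text):
        print(f"line {lineno}: {name} -> {addr}")
    print("per domain:", summarize(text))
```

Run as-is it audits the real hosts file when present and the constructed sample otherwise. Writing `clean_hosts(...)` back to HOSTS_PATH needs an elevated prompt, and is the manual equivalent of the Fix Host File step that follows in this thread; the grouping also answers the question a responder asks first, namely which vendor the redirected names belong to.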


#10 kkpadilla (Topic Starter, 19 posts)
Posted 14 November 2014 - 04:10 AM

I have Frostwire and uTorrent to download World of Warcraft mods.

I don't know how to remove those host files. I cannot find them to remove them. If you can assist me with that I would appreciate it since I would really like your help removing the virus I have. I cannot control what gets downloaded on a shared computer but I am trying to remove all illegal programs so that I can adhere to your rules.

#11 satchfan (Malware Response Team, 2,660 posts, Devon, UK)
Posted 14 November 2014 - 05:14 AM

OK, let’s get started. We'll start off one step at a time and see what we are left with.

Run RogueKiller

Please do another scan with RogueKiller.

When it shows the results, under the “Processes” tab, check all the boxes next to these:

[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]

Click on the “Registry” tab, make sure only these are checked:

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Run | Pyphsvvd : regsvr32.exe /s "C:\Users\Karen\AppData\Local\Downloaded Installations\Pyphsvvd.dll"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Run | Pyphsvvd : regsvr32.exe /s "C:\Users\Karen\AppData\Local\Downloaded Installations\Pyphsvvd.dll"  -> Found 

then press the Delete button.

  • once again in the RogueKiller console, click the “Hosts File” tab then click on Fix Host File.
  • when you’ve done that, please run RogueKiller again and send a new log.

Thanks

Satchfan

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
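The two RogueKiller findings above explain the symptom in the opening post. The process runs from a randomly named directory under AppData\LocalLow, which any user can write to without administrator rights, and it keeps coming back because a value in the user's HKCU ...\CurrentVersion\Run key re-registers a DLL from another user-writable directory at every logon with `regsvr32.exe /s`, a signed Microsoft binary that ordinary allow-listing will not stop. Killing the processes alone therefore never sticks; the autostart has to go in the same pass. The PUM.* lines RogueKiller also reports are preference changes (home page, Start menu options) rather than infection indicators, which is why the instructions say to leave them unchecked. The script below is an added example, not from the thread or from Adlice's RogueKiller: it parses the Processes and Registry lines of a report, keeps only entries that point into user-writable directories, pairs a Run-key value that uses a loader binary with the file it loads, and counts how many copies of each process were seen. SAMPLE_REPORT is constructed from the lines posted in the thread; the loader list and the user-writable path patterns are assumptions, and the bracketed number RogueKiller appends to each process path is left uninterpreted.

```python
"""Triage RogueKiller [Suspicious.Path] findings (added example).

Parses 'Processes' and 'Registry' lines, flags images running from
user-writable directories and Run-key values that reload something from
such a directory through a loader binary, and skips PUM.* preference items.
"""
import re
from collections import OrderedDict

# Constructed sample: process and registry lines copied from the thread, plus
# one PUM line, trimmed to a handful of entries.
SAMPLE_REPORT = r"""
¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Run | Pyphsvvd : regsvr32.exe /s "C:\Users\Karen\AppData\Local\Downloaded Installations\Pyphsvvd.dll"  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bleepingcomputer.com/  -> Found
"""

# '[tag] image -- path[n] -> action'
PROCESS_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<image>\S+)\s+--\s+(?P<path>.+?)\[\d+\]\s+->\s+(?P<action>.+)$")
# '[tag] (arch) key | value : data -> action'
REGISTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<value>.+?)\s+:\s+(?P<data>.+?)\s+->\s+(?P<action>\w+)\s*$")

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(Local|LocalLow|Roaming)\\|\\Temp\\|\\ProgramData\\", re.I)
AUTOSTART_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)$", re.I)
# Assumption: signed Windows binaries commonly used to launch a payload indirectly.
LOADERS = ("regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe")
PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\\S+)')   # quoted path or bare drive path


def parse_report(text):
    """Split a report into process dicts, non-PUM registry dicts and a PUM count."""
    processes, registry, pum_skipped = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        m = PROCESS_RE.match(line)
        if m:
            processes.append(m.groupdict())
            continue
        m = REGISTRY_RE.match(line)
        if m:
            if m.group("tag").startswith("PUM."):
                pum_skipped += 1          # preference change, not persistence
            else:
                registry.append(m.groupdict())
    return processes, registry, pum_skipped


def loader_and_target(data):
    """Split 'regsvr32.exe /s "C:\\dir\\x.dll"' into ('regsvr32.exe', 'C:\\dir\\x.dll')."""
    head, _, rest = data.partition(" ")
    loader = head.lower().rsplit("\\", 1)[-1]      # strip any directory prefix
    m = PATH_RE.search(rest)
    target = (m.group(1) or m.group(2)) if m else ""
    return loader, target


def triage(text):
    """Return user-writable processes (deduplicated, with hit counts) and autostarts."""
    processes, registry, pum_skipped = parse_report(text)
    by_path = OrderedDict()
    for p in processes:
        if USER_WRITABLE_RE.search(p["path"]):
            entry = by_path.setdefault(p["path"], {"image": p["image"], "path": p["path"], "hits": 0})
            entry["hits"] += 1                      # same image seen again = respawning
    autostarts = []
    for r in registry:
        if not AUTOSTART_KEY_RE.search(r["key"]):
            continue
        loader, target = loader_and_target(r["data"])
        if loader in LOADERS and USER_WRITABLE_RE.search(target):
            autostarts.append({"arch": r["arch"], "key": r["key"], "value": r["value"],
                               "loader": loader, "target": target})
    return {"processes": list(by_path.values()), "autostarts": autostarts,
            "pum_skipped": pum_skipped}


def remediation_plan(report):
    """Human-readable list of what has to be removed together in one pass."""
    plan = [f"kill and delete {p['path']} ({p['hits']} instances seen)" for p in report["processes"]]
    plan += [f"delete value '{a['value']}' under {a['key']} and the file {a['target']}"
             for a in report["autostarts"]]
    return plan


if __name__ == "__main__":
    for step in remediation_plan(triage(SAMPLE_REPORT)):
        print(step)
```

On the full report from post #12 the same functions collapse the eleven identical process lines into one path with a hit count of eleven and surface the single Run-key value, which is exactly the pair of items satchfan asks to have checked and deleted together.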


#12 kkpadilla (Topic Starter, 19 posts)
Posted 14 November 2014 - 01:26 PM

Every time I ran RogueKiller it told me my copy was outdated and to download a new one. I did this twice without it fixing that little notification window.

Here is the new log:

RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Karen [Administrator]
Mode : Scan -- Date : 11/14/2014  10:23:12

¤¤¤ Processes : 11 ¤¤¤
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermThr]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermProc]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermProc]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermProc]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermProc]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermProc]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermProc]
[Suspicious.Path] vygqpcatvx.exe -- C:\Users\Karen\AppData\LocalLow\Delta\noaxsikt\umnkvtgqixkz\vygqpcatvx.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 22 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bleepingcomputer.com/forums/t/555806/multiple-false-google-chrome-exe-32/#entry3535360  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bleepingcomputer.com/forums/t/555806/multiple-false-google-chrome-exe-32/#entry3535360  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x60e09820

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] a35a01c72f8ed5e3f4186fd97eedcb69
[BSP] bbd03bb970a2297f3fe3ab37e0192d27 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_11122014_094630.log - RKreport_SCN_11142014_101233.log - RKreport_DEL_11142014_101445.log

#13 satchfan (Malware Response Team, 2,660 posts, Devon, UK)
Posted 14 November 2014 - 03:26 PM

I know you're keen to sort this out but the instructions weren't followed properly.

If you don't understand something please ask but otherwise, follow the instructions in this post and send a new log.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 kkpadilla

kkpadilla
  • Topic Starter
  • Members
  • 19 posts
  • Local time:02:13 AM

Posted 15 November 2014 - 03:32 PM

I did follow your instructions the first time.

Here is the new log. I ran RogueKiller as an Administrator, with no programs running. I let the pre-scan finish and then I started a regular scan.

RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Karen [Administrator]
Mode : Scan -- Date : 11/15/2014  12:18:11

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 22 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bleepingcomputer.com/forums/t/555806/multiple-false-google-chrome-exe-32/#entry3535360  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bleepingcomputer.com/forums/t/555806/multiple-false-google-chrome-exe-32/#entry3535360  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3856729299-96052416-3353975826-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] a35a01c72f8ed5e3f4186fd97eedcb69
[BSP] bbd03bb970a2297f3fe3ab37e0192d27 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_11142014_101445.log - RKreport_SCN_11122014_094630.log - RKreport_SCN_11142014_101233.log - RKreport_SCN_11142014_102312.log

Edited by kkpadilla, 15 November 2014 - 03:34 PM.


#15 satchfan

satchfan

  • Malware Response Team
  • 2,660 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:13 AM

Posted 15 November 2014 - 05:42 PM

I'm sorry if I'm not making myself clear.

In the post here, I asked you to follow the instructions to select some bad entries and then press the Delete button.

Since then, each report you have sent me is a "scan", not the "fix" I asked you to do.

If you don't understand what I mean, let me know and I'll try to be a bit clearer.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.

