please help diagnose


  • This topic is locked
35 replies to this topic

#1 Hukkupz

Hukkupz

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:07:47 AM

Posted 23 November 2014 - 01:45 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:31:58 HuKKuPz, on 23/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Android\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6923 bytes




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:47 AM

Posted 28 November 2014 - 01:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557319 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:47 AM

Posted 01 December 2014 - 09:30 AM

Greetings Hukkupz and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. What symptoms are you experiencing?

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Hukkupz

Posted 01 December 2014 - 10:40 AM

Hi, you can call me Matt. I have attempted to save the Farbar Recovery Scan Tool to my desktop but my Norton antivirus says it's a bad file and deletes it. I have attached the system summary zip.



#5 Oh My!

Posted 01 December 2014 - 10:41 AM

Hi Matt,

 

If we uninstall Norton are you able to reinstall it later?


Gary
 

#6 Hukkupz

Posted 01 December 2014 - 11:54 AM

Ya, that's not a problem.



#7 Oh My!

Posted 01 December 2014 - 12:11 PM

Norton itself has a tendency to hinder things at times so I would like you to uninstall it as instructed below then try to run FRST again.

I would still like you to describe the symptoms you are experiencing.

===================================================

Norton Removal Tool for 2006 Product or Later

--------------------
  • Please download the Norton Removal Tool and save it to your desktop
  • Double click the icon
  • Select Run
  • Select Next
  • Select I accept the License Agreement, and then press Next
  • Type the security text on the screen into the box
  • Select Next and allow the process to run - Note: Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts
  • Click Finish on the Removal Completed screen
  • When finished, reboot your computer if not done automatically
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Symptoms
  • FRST logs

Gary
 

#8 Hukkupz

Posted 02 December 2014 - 10:13 PM

Ok, I have uninstalled Norton, and as far as symptoms go there are several indications that malware is present. The C:\Users file has an Administrator file, one named Default, one named Public and my user profile Android, which is locked. There are also several files that are transparent like C:\MSOCash and C:\ProgramData, and when I try to open them I'm told I don't have permission to access them. I am unable to use my DVD RW driver. Whenever I attempt to install something like the software for my printer it won't read the DVD and I am unable to burn DVDs either. That's all I can think of at the moment. If I think of anything else I will inform you. I would also like to let you know that I don't have a fixed work schedule (on call), and I work several thousand feet underground so I am completely unable to even check in with you until I am home. I will do my best to frequently check up and report to you. I would also like to say thank you for assisting me and your help is appreciated tremendously.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
Ran by Android (administrator) on ANDROID-PC on 02-12-2014 21:31:18
Running from C:\Users\Android\Desktop
Loaded Profile: Android (Available profiles: Android & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [961024 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [7760888 2014-11-28] (Zemana Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-2342357553-2498207469-4119585200-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-13] (SUPERAntiSpyware)
HKU\S-1-5-21-2342357553-2498207469-4119585200-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-2342357553-2498207469-4119585200-1000\...\MountPoints2: {e051c2ed-2b2b-11e4-9ddb-bfc7ac89d5e7} - G:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [96104 2014-11-28] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [87840 2014-11-28] (Zemana Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2342357553-2498207469-4119585200-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2342357553-2498207469-4119585200-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
HKU\S-1-5-21-2342357553-2498207469-4119585200-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC39E69E0FCB6CF01
HKU\S-1-5-21-2342357553-2498207469-4119585200-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 216.104.96.22 216.104.98.222

FireFox:
========
FF ProfilePath: C:\Users\Android\AppData\Roaming\Mozilla\Firefox\Profiles\uzeo311q.default
FF Homepage: https://google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Android\AppData\Roaming\Mozilla\Firefox\Profiles\uzeo311q.default\Extensions\iobitascsurfingprotection@iobit.com [2014-12-01]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
R2 HPSLPSVC; C:\Users\Android\AppData\Local\Temp\7zS32DE\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-10-14] (Realtek Semiconductor)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [20816 2014-10-20] (ELAN Microelectronic Corp.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [71400 2014-11-28] (Zemana Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [442368 2010-04-01] (Realtek Semiconductor Corporation                           )
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3073752 2014-10-14] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 gwiopm; \??\C:\Users\Android\AppData\Local\Temp\HBCD\gwiopm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 21:31 - 2014-12-02 21:31 - 00009261 _____ () C:\Users\Android\Desktop\FRST.txt
2014-12-02 21:31 - 2014-12-02 21:31 - 00000000 ____D () C:\FRST
2014-12-02 21:29 - 2014-12-02 21:29 - 02117120 _____ (Farbar) C:\Users\Android\Desktop\FRST64.exe
2014-12-02 21:27 - 2014-12-02 21:27 - 00688992 _____ (Swearware) C:\Users\Android\Desktop\dds.com
2014-12-02 19:10 - 2014-12-02 19:10 - 00000000 __SHD () C:\Users\Android\AppData\Local\EmieBrowserModeList
2014-12-02 11:53 - 2014-12-02 11:53 - 00896048 _____ () C:\Users\Android\Desktop\Norton_Removal_Tool.exe
2014-12-02 11:28 - 2014-12-02 11:47 - 00002080 _____ () C:\Users\Android\Desktop\JRT.txt
2014-12-02 11:22 - 2014-12-02 11:22 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 11:19 - 2014-12-02 11:19 - 00002830 _____ () C:\Users\Android\Desktop\AdwCleaner[S0].txt
2014-12-02 11:11 - 2014-12-02 11:11 - 01707646 _____ (Thisisu) C:\Users\Android\Desktop\JRT.exe
2014-12-02 11:07 - 2014-12-02 11:07 - 02154496 _____ () C:\Users\Android\Desktop\AdwCleaner.exe
2014-12-01 21:22 - 2014-12-01 21:22 - 00000000 ____D () C:\Program Files\ATI
2014-12-01 16:37 - 2014-12-01 16:37 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-12-01 15:58 - 2014-12-01 15:58 - 00009863 _____ () C:\Users\Android\Desktop\speach readme.txt
2014-12-01 12:01 - 2014-12-01 12:01 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-01 12:00 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Android\AppData\IObit
2014-12-01 10:34 - 2014-12-01 10:34 - 00116552 _____ () C:\Users\Android\Documents\summary.zip
2014-11-30 10:11 - 2014-12-02 09:22 - 00000000 ____D () C:\Users\Android\AppData\Roaming\dictionarybydictionarycom-1fc5193fe4e7f2b51fb80638d2634086
2014-11-30 10:11 - 2014-11-30 10:11 - 00000000 ____D () C:\Users\Android\AppData\Local\dictionarybydictionarycom-1fc5193fe4e7f2b51fb80638d2634086
2014-11-29 03:46 - 2014-11-29 06:32 - 00288256 _____ () C:\Users\Android\Documents\key question 74.pub
2014-11-23 03:22 - 2014-11-28 03:22 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task fd8894e3-a004-4f01-ba76-6174cfeb3314.job
2014-11-23 03:22 - 2014-11-23 03:22 - 00003598 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task fd8894e3-a004-4f01-ba76-6174cfeb3314
2014-11-23 02:36 - 2014-11-23 02:50 - 00000000 _____ () C:\Windows\SysWOW64\õq¸wHç
2014-11-23 02:36 - 2014-11-23 02:50 - 00000000 _____ () C:\Windows\SysWOW64\õq¸wÀè
2014-11-23 02:31 - 2014-12-02 18:31 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a9f0abb0-eaa3-4f2e-875d-2729883bf196.job
2014-11-23 02:31 - 2014-11-28 03:15 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e803a817-c6a2-41ba-8d65-cf6c9f22df09.job
2014-11-23 02:31 - 2014-11-23 02:31 - 00003596 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e803a817-c6a2-41ba-8d65-cf6c9f22df09
2014-11-23 02:31 - 2014-11-23 02:31 - 00003522 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task a9f0abb0-eaa3-4f2e-875d-2729883bf196
2014-11-23 02:31 - 2014-11-23 02:31 - 00000000 ____D () C:\Users\Android\AppData\Roaming\SUPERAntiSpyware.com
2014-11-23 02:30 - 2014-12-02 19:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-23 02:30 - 2014-12-02 09:22 - 00000000 ____D () C:\Users\Android\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-23 02:30 - 2014-12-02 09:21 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-23 02:30 - 2014-11-23 02:30 - 00001808 _____ () C:\Users\Android\Desktop\SUPERAntiSpyware Professional.lnk
2014-11-23 02:08 - 2014-11-23 02:10 - 20414048 _____ (SUPERAntiSpyware) C:\Users\Android\Desktop\SUPERAntiSpyware.exe
2014-11-23 01:55 - 2014-11-23 03:11 - 00000000 _____ () C:\Windows\SysWOW64\õq¸w8ê
2014-11-23 01:50 - 2014-11-23 03:12 - 00000000 _____ () C:\Windows\SysWOW64\õq¸w`ë
2014-11-23 01:31 - 2014-11-23 01:31 - 00006924 _____ () C:\Users\Android\Desktop\hijackthis.log
2014-11-18 21:46 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 21:46 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:46 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:46 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-12 18:51 - 2014-11-12 18:51 - 00014050 _____ () C:\Windows\DPINST.LOG
2014-11-11 23:20 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 23:20 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 23:20 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 23:20 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 23:20 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 23:20 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 23:20 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 23:20 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 23:20 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 23:20 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 23:20 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 23:20 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 23:20 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 23:20 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 23:20 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 23:20 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 23:20 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 23:20 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 23:20 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 23:20 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 23:20 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 23:20 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 23:20 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 23:20 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 23:20 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 23:20 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 23:20 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 23:20 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 23:20 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 23:20 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 23:20 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 23:20 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 23:20 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 23:20 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 23:20 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 23:20 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 23:20 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 23:20 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 23:20 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 23:20 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 23:20 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 23:20 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 23:20 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 23:20 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 23:20 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 23:20 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 23:20 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 23:20 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 23:20 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 23:20 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 23:20 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 23:20 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 23:20 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 23:20 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 23:20 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 23:20 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 23:20 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 23:20 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 23:20 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 23:20 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 23:20 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 23:19 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 23:19 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 23:19 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 23:19 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 23:19 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 23:19 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 23:19 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 23:18 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 23:18 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 23:18 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 23:18 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 23:18 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 23:18 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 23:18 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 23:18 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 23:18 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 23:18 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 23:18 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 23:18 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 23:18 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 23:18 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 23:18 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 23:18 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 23:18 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 23:18 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 23:18 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 23:18 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 23:18 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 23:18 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 23:18 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 23:18 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 23:18 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 23:18 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 23:18 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 23:18 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 23:18 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 23:18 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 23:18 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 23:18 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 23:18 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 03:01 - 2014-12-02 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-11 03:01 - 2014-12-02 09:22 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-11 03:01 - 2014-12-02 09:22 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-11-11 03:01 - 2014-11-11 03:01 - 00003626 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3510 series
2014-11-11 03:01 - 2014-11-11 03:01 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-11-11 03:01 - 2012-10-17 04:31 - 00741480 _____ (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMAD11.dll
2014-11-11 03:00 - 2014-11-11 03:00 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-11-11 02:49 - 2014-11-11 02:49 - 05152768 _____ () C:\Users\Android\Desktop\HPSupportSolutionsFramework-11.51.0027.msi
2014-11-11 02:39 - 2014-11-11 04:51 - 01274368 _____ () C:\Users\Android\Documents\Key Question 72 Eng4c.pub
2014-11-11 02:27 - 2014-11-11 02:27 - 00000000 __RHD () C:\MSOCache
2014-11-11 01:33 - 2014-11-11 23:59 - 00000000 ____D () C:\Users\Android\Desktop\1808 SOUTH BAY RD MLS®-1023088 for Sale _ RE_MAX_files
2014-11-10 06:35 - 2014-11-10 06:35 - 00000000 ____D () C:\Users\Android\AppData\Local\Garmin
2014-11-10 06:34 - 2014-11-10 06:35 - 00000000 ____D () C:\ProgramData\Garmin
2014-11-10 06:34 - 2014-11-10 06:34 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-11-10 06:34 - 2014-11-10 06:34 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-11-10 06:34 - 2014-11-10 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-11-10 06:33 - 2014-12-02 09:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-10 06:10 - 2014-12-02 09:22 - 00000000 ____D () C:\Program Files\DIFX
2014-11-10 06:10 - 2014-11-10 06:34 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-10 06:05 - 2014-12-02 09:22 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-11-10 06:05 - 2014-12-02 09:22 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-11-10 06:05 - 2014-11-10 06:06 - 00000000 ____D () C:\Users\Android\AppData\Roaming\Garmin
2014-11-02 20:50 - 2014-11-02 20:50 - 00000000 _____ () C:\Users\Android\defogger_reenable
2014-11-02 20:34 - 2014-12-02 11:16 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-11-02 20:34 - 2014-12-02 09:58 - 00001144 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2014-11-02 20:34 - 2014-12-02 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2014-11-02 20:34 - 2014-12-02 09:58 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-11-02 20:34 - 2014-11-28 12:15 - 00071400 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2014-11-02 20:34 - 2014-11-02 20:34 - 00000000 ____D () C:\Users\Android\AppData\Local\AntiLogger Free
2014-11-02 19:50 - 2014-11-02 19:50 - 00000000 ____D () C:\Users\Android\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-11-02 08:02 - 2014-11-02 08:02 - 00002945 _____ () C:\Users\Android\Desktop\HiJackThis.lnk
2014-11-02 08:02 - 2014-11-02 08:02 - 00000000 ____D () C:\Users\Android\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-11-02 08:02 - 2014-11-02 08:02 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-11-02 01:34 - 2014-12-02 11:16 - 00000000 ____D () C:\AdwCleaner
2014-11-02 01:31 - 2014-11-02 09:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-11-02 01:31 - 2014-11-02 01:34 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 21:23 - 2014-08-18 01:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 19:34 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-02 19:34 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 16:28 - 2014-08-12 10:22 - 01441436 _____ () C:\Windows\WindowsUpdate.log
2014-12-02 16:22 - 2014-10-19 00:00 - 00006869 _____ () C:\Windows\setupact.log
2014-12-02 16:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-02 16:21 - 2014-10-20 21:56 - 00209486 _____ () C:\Windows\PFRO.log
2014-12-02 16:21 - 2014-10-14 19:32 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-12-02 16:19 - 2014-10-06 01:22 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-02 16:19 - 2014-09-09 22:01 - 00000000 ____D () C:\ProgramData\Norton
2014-12-02 11:06 - 2014-08-22 14:18 - 00000000 ____D () C:\Users\Android\AppData\Roaming\uTorrent
2014-12-02 09:27 - 2014-08-12 11:07 - 00000000 ____D () C:\Users\Android
2014-12-02 09:22 - 2014-10-30 09:52 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-12-02 09:22 - 2014-10-29 21:11 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-12-02 09:22 - 2014-10-29 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2014-12-02 09:22 - 2014-10-29 21:11 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-12-02 09:22 - 2014-10-28 10:24 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-02 09:22 - 2014-10-06 01:20 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-12-02 09:22 - 2014-09-20 01:31 - 00000000 ____D () C:\Users\Android\AppData\Roaming\vlc
2014-12-02 09:22 - 2014-09-20 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-02 09:22 - 2014-09-12 08:17 - 00000000 ____D () C:\Users\Android\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-12-02 09:22 - 2014-09-09 21:39 - 00000000 ____D () C:\Users\Android\AppData\Roaming\ProductData
2014-12-02 09:22 - 2014-09-09 21:38 - 00000000 ____D () C:\ProgramData\IObit
2014-12-02 09:22 - 2014-08-20 01:58 - 00000000 ____D () C:\ProgramData\HP
2014-12-02 09:22 - 2014-08-20 01:58 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-02 09:22 - 2014-08-13 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-12-02 09:22 - 2014-08-13 16:02 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-12-02 09:22 - 2014-08-12 20:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 09:22 - 2014-08-12 20:29 - 00000000 ____D () C:\Users\Administrator
2014-12-02 09:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-02 09:21 - 2014-10-28 10:34 - 00000000 ____D () C:\Program Files\HP
2014-12-02 09:21 - 2014-09-09 21:38 - 00000000 ____D () C:\Users\Android\AppData\Roaming\IObit
2014-12-02 09:19 - 2014-09-09 21:38 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-01 09:52 - 2014-10-09 18:07 - 00000000 ____D () C:\Users\Android\AppData\Local\CrashDumps
2014-11-29 06:32 - 2014-08-20 01:58 - 00000000 ____D () C:\Users\Android\AppData\Roaming\HpUpdate
2014-11-28 03:16 - 2014-08-18 01:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 03:16 - 2014-08-18 01:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 03:16 - 2014-08-18 01:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 09:29 - 2014-09-09 21:38 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-23 13:39 - 2009-07-14 00:13 - 00829500 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-22 15:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-12 18:51 - 2014-09-17 14:10 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-11-12 01:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-11 23:58 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-11 23:56 - 2009-07-13 23:45 - 02094864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 23:52 - 2014-08-15 13:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-11 23:25 - 2014-08-15 13:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 23:22 - 2014-08-15 13:53 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 02:18 - 2014-08-12 11:46 - 00739512 _____ () C:\Users\Android\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 22:28 - 2014-08-12 23:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 06:53 - 2014-09-12 07:50 - 00000000 ____D () C:\Users\Android\AppData\Local\NPE
2014-11-02 06:45 - 2014-09-12 07:52 - 00000000 ____D () C:\NPE

Some content of TEMP:
====================
C:\Users\Android\AppData\Local\Temp\ANT51B8.exe
C:\Users\Android\AppData\Local\Temp\Quarantine.exe
C:\Users\Android\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 00:39

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
Ran by Android at 2014-12-02 21:32:12
Running from C:\Users\Android\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntiLogger Free version 1.8.2.24 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.24 - Zemana Ltd.)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.3 - IObit)
Elevated Installer (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.0.0.18 - Symantec Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
VirtualDJ PRO Full (HKLM-x32\...\{4769E972-2E92-49C5-B6F9-465EFD0C4D94}) (Version: 7.0.5 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-11-2014 09:01:33 Windows Update
28-11-2014 12:59:13 Windows Update
29-11-2014 11:37:23 Removed HP Deskjet 3510 series Basic Device Software
29-11-2014 11:39:40 Removed Garmin Communicator Plugin x64
29-11-2014 11:43:57 Removed TOSHIBA Service Station
29-11-2014 11:46:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
29-11-2014 12:01:45 Removed Garmin Communicator Plugin
29-11-2014 12:03:19 Removed HP Deskjet 3510 series Help
29-11-2014 12:04:16 Removed HPDiagnosticCoreDll
29-11-2014 12:04:58 Removed HP Deskjet 3510 series Product Improvement Study
29-11-2014 12:05:40 Removed HP Support Solutions Framework
29-11-2014 12:07:30 Removed HP Update.
29-11-2014 12:08:47 Removed HP FWUpdateEDO2
29-11-2014 12:09:24 Removed Garmin USB Drivers
01-12-2014 20:56:34 Installed Speech System NLS
01-12-2014 20:56:56 Installed Speech System NLS
01-12-2014 20:57:15 Installed Speech System NLS
02-12-2014 07:35:52 Windows Update
02-12-2014 14:15:17 Restore Operation
02-12-2014 14:29:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-14 13:38 - 00450713 ____N C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C2C6024-8A19-4B85-9C86-108738C2D5D2} - System32\Tasks\SUPERAntiSpyware Scheduled Task a9f0abb0-eaa3-4f2e-875d-2729883bf196 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {38A43BCD-211E-466B-9EC6-3489B079602B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated)
Task: {519A3D78-6D39-43F7-AA9C-59A574976894} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {6CE66728-3429-4181-AA44-7A31F40225D3} - System32\Tasks\SUPERAntiSpyware Scheduled Task fd8894e3-a004-4f01-ba76-6174cfeb3314 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {7618AF27-F1E5-47E4-8A90-F4BD08DEC21C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {80A1C155-4482-4097-BDA3-33945B3B301C} - System32\Tasks\Driver Booster SkipUAC (Android) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-06-19] (IObit)
Task: {82C73423-39EC-407C-8625-1FFC4F920E67} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
Task: {9103E6C0-92A3-429B-B5F2-2750AED5969D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe
Task: {95AB6459-BDCE-4FC3-8A8D-26DF8C154C56} - System32\Tasks\SUPERAntiSpyware Scheduled Task e803a817-c6a2-41ba-8d65-cf6c9f22df09 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {96B98CCA-B181-476A-994B-EE5450E2EE42} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21] ()
Task: {A4B3615B-C38D-4604-B7E6-572BD7D845A4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
Task: {B28738BE-9F1B-48B7-A36D-0DC9401147EA} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a9f0abb0-eaa3-4f2e-875d-2729883bf196.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e803a817-c6a2-41ba-8d65-cf6c9f22df09.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task fd8894e3-a004-4f01-ba76-6174cfeb3314.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-12 23:26 - 2014-11-10 22:28 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Android\Documents\HTCDriver3.0.0.007.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2342357553-2498207469-4119585200-500 - Administrator - Disabled) => C:\Users\Administrator
Android (S-1-5-21-2342357553-2498207469-4119585200-1000 - Administrator - Enabled) => C:\Users\Android
Guest (S-1-5-21-2342357553-2498207469-4119585200-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2014 04:24:36 PM) (Source: SsfService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (12/02/2014 04:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/02/2014 04:24:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RIP Listener service hung on starting.

Error: (12/02/2014 04:23:00 PM) (Source: IPRIP) (EventID: 29048) (User: )
Description: RIP listener service failed during initialization

Error: (12/02/2014 04:22:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (12/02/2014 04:22:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (12/02/2014 04:21:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (12/02/2014 04:21:20 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/02/2014 04:21:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (12/02/2014 04:18:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton 360 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/02/2014 04:24:36 PM) (Source: SsfService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (12/02/2014 04:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-12 13:28:45.731
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Android\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-12 13:28:45.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Android\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-12 13:28:38.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Android\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-12 13:28:38.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Android\AppData\Local\Temp\HBCD\GWIOPM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 5606.37 MB
Available physical RAM: 4148.73 MB
Total Pagefile: 11210.91 MB
Available Pagefile: 9375.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:160.64 GB) NTFS
Drive e: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 474B0292)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:47 AM

Posted 02 December 2014 - 10:52 PM

Thank you for the detailed information. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

S3 gwiopm; \??\C:\Users\Android\AppData\Local\Temp\HBCD\gwiopm.sys [X]
2014-11-23 02:36 - 2014-11-23 02:50 - 00000000 _____ () C:\Windows\SysWOW64\õq¸wHç
2014-11-23 02:36 - 2014-11-23 02:50 - 00000000 _____ () C:\Windows\SysWOW64\õq¸wÀè
2014-11-23 01:55 - 2014-11-23 03:11 - 00000000 _____ () C:\Windows\SysWOW64\õq¸w8ê
2014-11-23 01:50 - 2014-11-23 03:12 - 00000000 _____ () C:\Windows\SysWOW64\õq¸w`ë
C:\Users\Android\AppData\Local\Temp\ANT51B8.exe
C:\Users\Android\AppData\Local\Temp\Quarantine.exe
C:\Users\Android\AppData\Local\Temp\sqlite3.dll

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Microsoft CD/DVD Drive Fix it

----------
  • Download MicrosoftFixit.dvd.Run.exe and save it to your desktop
  • Double click the icon and select OK then Run
  • Click Accept then allow the program to run
  • Select Detect problems and apply the fixes for me (Recommended)
  • Continue to follow the prompts
  • Once completed reboot your computer if not done automatically
  • Check to see if your CD/DVD drive works properly
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Does your CD/DVD player work properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!


Posted 05 December 2014 - 10:26 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Edited by Oh My!, 06 December 2014 - 03:24 PM.


#11 Hukkupz


Posted 06 December 2014 - 11:58 AM

Yes, I still need help. Sorry for the delayed response.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Android at 2014-12-03 15:27:37 Run:1
Running from C:\Users\Android\Desktop
Loaded Profile: Android (Available profiles: Android & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 gwiopm; \??\C:\Users\Android\AppData\Local\Temp\HBCD\gwiopm.sys [X]
2014-11-23 02:36 - 2014-11-23 02:50 - 00000000 _____ () C:\Windows\SysWOW64\õq¸wHç
2014-11-23 02:36 - 2014-11-23 02:50 - 00000000 _____ () C:\Windows\SysWOW64\õq¸wÀè
2014-11-23 01:55 - 2014-11-23 03:11 - 00000000 _____ () C:\Windows\SysWOW64\õq¸w8ê
2014-11-23 01:50 - 2014-11-23 03:12 - 00000000 _____ () C:\Windows\SysWOW64\õq¸w`ë
C:\Users\Android\AppData\Local\Temp\ANT51B8.exe
C:\Users\Android\AppData\Local\Temp\Quarantine.exe
C:\Users\Android\AppData\Local\Temp\sqlite3.dll
*****************

gwiopm => Service deleted successfully.
C:\Windows\SysWOW64\õq¸wHç => Moved successfully.
C:\Windows\SysWOW64\õq¸wÀè => Moved successfully.
C:\Windows\SysWOW64\õq¸w8ê => Moved successfully.
C:\Windows\SysWOW64\õq¸w`ë => Moved successfully.
"C:\Users\Android\AppData\Local\Temp\ANT51B8.exe" => File/Directory not found.
"C:\Users\Android\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Android\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.

==== End of Fixlog ====

 

And my CD/DVD drive is still not working.



#12 Oh My!


Posted 06 December 2014 - 03:37 PM

Thanks for the information. Just to let you know I modified these instructions.

Please do this.

===================================================

Uninstalling/Reinstalling a DVD/CD-Rom Device Driver

----------
  • Press the Windows key + r on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the DVD/CD-Rom drives section by clicking + sign
  • Right click on the DVD/CD-Rom device, select Uninstall, then OK
  • Reboot your computer
  • Check the performance of your DVD/CD-Rom device
  • If your device still does not work properly complete the next step
===================================================

Manually Exporting CD Registry Key

-------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type regedit and press Enter
  • Navigate to the following registry entries

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}

  • Right click on the key and select Export
  • The files should be on your desktop
  • Right click on the file and select Edit
  • A Notepad document will open
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Does your CD/DVD work properly?
  • Registry key export (if necessary)
  • What issues are you currently experiencing?


#13 Hukkupz


Posted 07 December 2014 - 01:08 AM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers]



#14 Oh My!


Posted 07 December 2014 - 03:12 PM

Greetings,

We didn't quite get what we were looking for. Please do this.

===================================================

Exporting a Registry Key From the Run Box

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Copy and paste the following into the Run box and press Enter

regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}"

  • A look.txt document will be placed on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Registry information


#15 Hukkupz


Posted 07 December 2014 - 06:40 PM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
"ClassDesc"="@%SystemRoot%\\System32\\StorProp.dll,-17001"
@="DVD/CD-ROM drives"
"IconPath"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
  00,6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  2d,00,33,00,30,00,00,00,00,00
"Installer32"="storprop.dll,DvdClassInstaller"
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"SilentInstall"="1"
"NoInstallClass"="1"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0002]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0003]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0004]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0006]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0008]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0009]
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7601.17514"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"
 





