Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can not uninstall PCKeeper and v9


  • This topic is locked This topic is locked
18 replies to this topic

#1 DarthSparty

DarthSparty

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 02:58 AM

So I downloaded a Nintendo DS emulator from a website I trusted (well not anymore). Avast started freaking out, so I stopped everything.  Some how both PCKeeper and v9 was installed.  Also my touchpad was reset or something.  The later is really the more annoying of the issues.  I had customized my gestures over the last 3 years, and now I have nothing.  I also can not reinstall ASUS Smart  Gestures, so hopefully removing this will fix that issue.   Any help would be great.  If you can fix my touchpad that would be even better.  Thanks guys. 

 

Here is DDS.txt

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17148  BrowserJavaVersion: 10.65.2
Run by J at 1:45:25 on 2014-12-08
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8078.5067 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Users\J\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\B9ECED6F.AsusConverter_1.0.0.27_neutral__qmba6cd70vzyy\ConversionPad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.v9.com/?type=hp&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615
uDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615
mStart Page = hxxp://www.v9.com/?type=hp&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615
mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615&q={searchTerms}
mDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615
mDefault_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: FindRight: {cf710881-c002-4ea4-860a-b6931b040948} - C:\Program Files (x86)\FindRight\FindRightbho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
uRun: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
uRun: [Google Update] "C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_EC7D443C1E63C91CE213351B75D9A2A3] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [bncsaui.exe] C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\Users\J\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\J\AppData\Local\Autobahn\nexdef.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3DACCA08-8620-4638-AC08-7BD756BA2F5B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3DACCA08-8620-4638-AC08-7BD756BA2F5B}\245727279647F6024627966756 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3DACCA08-8620-4638-AC08-7BD756BA2F5B}\2656C6B696E6E2435343E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{3DACCA08-8620-4638-AC08-7BD756BA2F5B}\350796865627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3DACCA08-8620-4638-AC08-7BD756BA2F5B}\94E647562777562637F523 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3DACCA08-8620-4638-AC08-7BD756BA2F5B}\95541484F5C454D4F4E435 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{90245CE0-D5D2-4232-B946-884D0EDCA546} : DHCPNameServer = 192.168.106.254
TCP: Interfaces\{FB93F95A-A9AD-47A1-90D3-F25559811B6A} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.v9.com/?type=hp&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615
x64-mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615
x64-mDefault_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615&q={searchTerms}
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-8-30 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-8-30 224896]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2013-8-30 1041168]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2013-8-30 427360]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-8-6 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-8-30 79184]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2014-2-27 92008]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-6 50344]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2014-10-4 2251992]
R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2012-9-24 3082384]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-21 2443960]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-11 2451456]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-11 166720]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
R2 PCKeeper2Service;PCKeeper Service;C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe [2014-10-23 182272]
R2 PCKeeperOcfService;PCKeeper Ocf Service;C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe [2014-10-23 1129984]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-11 365376]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-22 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-22 342528]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-10-11 295056]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-10-11 683664]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\Drivers\bcbtums.sys [2014-10-4 170712]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 btwampfl;btwampfl;C:\Windows\System32\Drivers\btwampfl.sys [2014-10-4 166616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\Drivers\btwl2cap.sys [2014-10-4 40248]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-8-20 103576]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2013-9-30 363920]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\Drivers\evolve.sys [2014-2-8 21656]
S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2014-2-8 1579936]
S3 fileHiders;fileHiders;C:\Windows\System32\Drivers\fileHiders.sys [2014-10-23 32464]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-12-2 1471352]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\Drivers\MijXfilt.sys [2013-10-11 121416]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2013-11-18 1900400]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\Drivers\PcaSp60.sys [2014-5-16 38912]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\Drivers\tap0901t.sys [2014-2-6 31232]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2014-2-6 758224]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-08 07:28:11 2213776 ----a-w- C:\Windows\ETDUninst.dll
2014-12-08 07:19:07 -------- d-----w- C:\Users\J\AppData\Local\ElevatedDiagnostics
2014-12-08 06:43:56 -------- d-----w- C:\Users\J\AppData\Roaming\v9
2014-12-08 06:43:40 -------- d-----w- C:\ProgramData\MailUpdate
2014-12-08 06:43:40 -------- d-----w- C:\Program Files\Kromtech
2014-12-08 06:43:39 -------- d-----w- C:\Users\J\AppData\Roaming\MailUpdate
2014-12-08 06:43:30 -------- d-----w- C:\ProgramData\Kromtech
2014-12-08 04:25:00 -------- d-----w- C:\Program Files (x86)\SafeHarborGames
2014-12-02 22:26:19 -------- d-----w- C:\Users\J\AppData\Roaming\.minecraft
2014-11-19 17:53:30 827904 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 17:53:30 666624 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 17:53:28 238080 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 17:53:28 187904 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-18 17:09:13 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-11-14 17:26:00 713672 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-14 17:26:00 106440 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 02:06:22 783872 ----a-w- C:\Windows\System32\audiosrv.dll
2014-11-12 02:05:57 4068864 ----a-w- C:\Windows\System32\win32k.sys
2014-11-12 02:01:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-11-11 02:14:00 585728 ----a-w- C:\Windows\System32\rastls.dll
2014-11-11 02:14:00 510464 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-11-11 02:12:59 96768 ----a-w- C:\Windows\SysWow64\dwmapi.dll
2014-11-11 02:10:55 674304 ----a-w- C:\Windows\System32\drivers\srv2.sys
.
==================== Find3M  ====================
.
2014-12-08 07:31:57 380 ----a-w- C:\Users\J\AppData\Roaming\sp_data.sys
2014-11-21 22:49:43 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-10-26 01:56:17 2237952 ----a-w- C:\Windows\System32\wininet.dll
2014-10-26 01:56:06 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-10-26 01:54:43 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-26 01:54:36 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-10-26 01:54:36 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-10-26 01:53:54 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-26 00:36:01 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-26 00:35:53 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-10-26 00:34:48 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-26 00:34:43 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-10-26 00:34:43 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-10-26 00:34:16 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-26 00:19:11 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-26 00:13:06 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-25 21:48:29 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-10-24 00:01:48 32464 ----a-w- C:\Windows\System32\drivers\fileHiders.sys
2014-10-23 12:47:53 79872 ----a-w- C:\Windows\System32\packager.dll
2014-10-23 11:04:41 68096 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 08:44:05 778240 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 07:05:16 567808 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-11 08:35:58 171840 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-11 07:44:56 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-10-11 07:44:47 3248640 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-11 07:43:51 1281536 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-11 05:57:57 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-10-11 05:41:57 146944 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-11 05:41:43 713728 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-11 05:05:20 146944 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-11 05:04:59 713728 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-04 18:53:15 170712 ----a-w- C:\Windows\System32\drivers\bcbtums.sys
2014-10-04 18:52:59 2232024 ----a-w- C:\Windows\System32\BcmBtRSupport.dll
2014-10-04 18:52:57 229080 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2014-10-04 18:52:57 190168 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2014-10-04 18:52:57 166616 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2014-10-04 18:52:56 66264 ----a-w- C:\Windows\System32\btwdi.dll
2014-10-04 18:52:56 40248 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2014-10-04 18:52:56 38616 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2014-10-04 18:52:56 2251992 ----a-w- C:\Windows\System32\BtwRSupportService.exe
2014-10-03 01:21:18 522728 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-02 22:29:25 267264 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-02 22:29:16 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
2014-09-24 23:29:59 318976 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-24 23:29:51 72192 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2014-09-24 23:01:14 414208 ----a-w- C:\Windows\System32\schannel.dll
2014-09-24 23:01:00 86528 ----a-w- C:\Windows\System32\ncryptsslp.dll
2014-09-22 05:53:10 35320 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-09-13 06:24:47 2233152 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-09-13 03:45:52 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-09-13 03:45:52 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-09-13 03:45:51 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-09-13 03:45:51 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH:  1:48:07.05 ===============
 


BC AdBot (Login to Remove)

 


m

#2 DarthSparty

DarthSparty
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 03:02 AM

I guess I should add: Avast came up with nothing.  I can not uninstall manually.



#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:36 AM

Posted 08 December 2014 - 12:22 PM

Hello 

DarthSparty

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 DarthSparty

DarthSparty
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 12:51 PM

# AdwCleaner v4.104 - Report created 08/12/2014 at 11:44:35
# Updated 05/12/2014 by Xplode
# Database : 2014-12-08.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : J - LAPTOP
# Running from : C:\Users\J\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : qknfd
[#] Service Deleted : PCKeeper2Service
Service Deleted : PCKeeperOcfService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\MailUpdate
Folder Deleted : C:\Program Files (x86)\FindRight
Folder Deleted : C:\Users\J\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\J\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\J\AppData\Roaming\v9
Folder Deleted : C:\Users\J\AppData\Roaming\MailUpdate
File Deleted : C:\Users\J\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\FindRight
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\FindRight
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17148
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [8696 octets] - [08/12/2014 11:41:40]
AdwCleaner[S0].txt - [6195 octets] - [08/12/2014 11:44:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6255 octets] ##########


#5 DarthSparty

DarthSparty
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 12:57 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by J (administrator) on LAPTOP on 08-12-2014 11:52:37
Running from C:\Users\J\Downloads
Loaded Profile: J (Available profiles: J)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
() C:\Users\J\AppData\Local\Autobahn\nexdef.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2627728 2012-09-24] (Bradford Networks)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3227552 2014-05-23] (Echobit LLC)
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\Run: [Google Update] => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-30] (Google Inc.)
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\Run: [GoogleChromeAutoLaunch_EC7D443C1E63C91CE213351B75D9A2A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: F - "F:\Setup.exe" 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: G - "G:\Setup.exe" 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: {326e991e-59e3-11e3-be90-c810bc8d9c17} - "K:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: {8e22e617-0c10-11e3-be7d-50465de46ee1} - "J:\TL-Bootstrap.exe" 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: {9f9d0dcb-1400-11e2-be6a-806e6f6e6963} - "E:\.\Autorun.exe" 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\J\AppData\Local\Autobahn\nexdef.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-608726029-3151777986-293780615-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-608726029-3151777986-293780615-1001 -> {540B23FF-418C-49C2-8E66-7B18A30008C2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: FindRight -> {cf710881-c002-4ea4-860a-b6931b040948} -> C:\Program Files (x86)\FindRight\FindRightbho.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-608726029-3151777986-293780615-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\J\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-608726029-3151777986-293780615-1001: @talk.google.com/O1DPlugin -> C:\Users\J\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-608726029-3151777986-293780615-1001: @tools.google.com/Google Update;version=3 -> C:\Users\J\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-608726029-3151777986-293780615-1001: @tools.google.com/Google Update;version=9 -> C:\Users\J\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\J\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\J\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://www.v9.com/?type=hp&ts=1418021019&from=cor&uid=ST750LM022XHN-M750MBB_S2UQJ9AC716326&i=psd&t=34d34d615"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-20]
CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-20]
CHR Extension: (Adblock Plus) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-03]
CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-08-20]
CHR Extension: (Hangouts) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-17]
CHR Extension: (Google Wallet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Hover Zoom) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-08-20]
CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2013-11-22] (Autodesk)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2014-10-04] (Broadcom Corporation.)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-05-23] (Echobit LLC)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-28] (Electronic Arts)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2014-10-04] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2014-02-08] (Echobit, LLC)
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32464 2014-10-23] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
S3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 11:52 - 2014-12-08 11:52 - 02119680 _____ (Farbar) C:\Users\J\Downloads\FRST64.exe
2014-12-08 11:52 - 2014-12-08 11:52 - 00022280 _____ () C:\Users\J\Downloads\FRST.txt
2014-12-08 11:52 - 2014-12-08 11:52 - 00000000 ____D () C:\FRST
2014-12-08 11:41 - 2014-12-08 11:44 - 00000000 ____D () C:\AdwCleaner
2014-12-08 11:41 - 2014-12-08 11:41 - 02153472 _____ () C:\Users\J\Downloads\AdwCleaner.exe
2014-12-08 11:41 - 2014-12-08 11:41 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 01:48 - 2014-12-08 01:50 - 00024189 _____ () C:\Users\J\Desktop\dds.txt
2014-12-08 01:48 - 2014-12-08 01:50 - 00006962 _____ () C:\Users\J\Desktop\attach.txt
2014-12-08 01:44 - 2014-12-08 01:45 - 00688992 ____R (Swearware) C:\Users\J\Downloads\dds.com
2014-12-08 01:28 - 2014-12-08 01:40 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2014-12-08 01:28 - 2013-04-11 00:53 - 02213776 _____ (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2014-12-08 01:26 - 2014-12-08 01:26 - 13338108 _____ () C:\Users\J\Downloads\SmartGesture_Win8_64_Z1035.zip
2014-12-08 01:20 - 2014-12-08 01:20 - 02448688 _____ (Megaify Software ) C:\Users\J\Downloads\DriverToolkitInstaller.exe
2014-12-08 01:18 - 2014-12-08 01:18 - 00003084 _____ () C:\Windows\System32\Tasks\{837D3BB0-2042-4079-81CA-712F4362769F}
2014-12-08 01:05 - 2014-12-08 01:26 - 00000000 ____D () C:\Users\J\Desktop\New folder
2014-12-08 01:03 - 2014-12-08 01:04 - 17875309 _____ () C:\Users\J\Downloads\Touchpad_Elantech_Win8_64_VER11591 (2).zip
2014-12-08 00:44 - 2014-12-08 00:44 - 00001948 _____ () C:\Users\Public\Desktop\PCKeeper.lnk
2014-12-08 00:44 - 2014-12-08 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kromtech
2014-12-08 00:43 - 2014-12-08 01:17 - 00000000 ____D () C:\Program Files\Kromtech
2014-12-08 00:43 - 2014-12-08 00:44 - 00000000 ____D () C:\ProgramData\Kromtech
2014-12-07 22:25 - 2014-12-07 22:25 - 00001985 _____ () C:\Users\Public\Desktop\SafeHarborGames.lnk
2014-12-07 22:25 - 2014-12-07 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeHarborGames
2014-12-07 22:25 - 2014-12-07 22:25 - 00000000 ____D () C:\Program Files (x86)\SafeHarborGames
2014-12-07 22:22 - 2014-12-07 22:22 - 22024704 _____ () C:\Users\J\Downloads\SHGWin8.msi
2014-12-02 16:26 - 2014-12-02 16:35 - 00000000 ____D () C:\Users\J\AppData\Roaming\.minecraft
2014-12-02 16:26 - 2014-12-02 16:26 - 00002106 _____ () C:\Users\J\Desktop\Minecraft.lnk
2014-12-02 16:26 - 2014-12-02 16:26 - 00000000 ____D () C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-12-01 14:47 - 2014-12-01 14:49 - 637587523 _____ () C:\Users\J\Downloads\2000 - The Lion's Game    (2 MP3s - U).rar
2014-11-19 15:42 - 2014-12-08 00:46 - 00000000 ____D () C:\Users\J\Desktop\Jobs Madison
2014-11-19 11:53 - 2014-11-08 05:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:53 - 2014-11-08 05:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:53 - 2014-11-08 00:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 11:53 - 2014-11-08 00:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-16 21:13 - 2014-11-18 15:02 - 00000457 _____ () C:\Users\J\Desktop\family feud.txt
2014-11-14 17:40 - 2014-11-14 17:41 - 00531288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 11:26 - 2014-11-20 14:56 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-14 11:26 - 2014-11-20 14:56 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 21:22 - 2014-09-21 23:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-11 21:22 - 2014-08-26 16:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-11 20:06 - 2014-10-02 19:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 20:06 - 2014-10-02 16:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 20:06 - 2014-10-02 16:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 20:06 - 2014-10-02 16:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-11 20:06 - 2014-09-13 00:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-11 20:06 - 2014-09-05 18:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-11 20:06 - 2014-09-02 20:48 - 00457728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-11 20:06 - 2014-09-02 20:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-11 20:06 - 2014-09-02 20:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-11 20:06 - 2014-09-02 20:21 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-11 20:06 - 2014-09-02 20:21 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-11 20:06 - 2014-08-28 22:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-11 20:06 - 2014-08-28 22:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-11 20:06 - 2014-08-28 22:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-11 20:06 - 2014-08-28 22:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-11 20:06 - 2014-08-28 00:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-11 20:06 - 2014-08-28 00:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-11 20:06 - 2014-08-27 23:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-11 20:06 - 2014-08-27 23:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-11 20:06 - 2014-08-27 23:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-11 20:06 - 2014-08-27 23:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-11 20:06 - 2014-07-24 07:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-11 20:05 - 2014-10-23 06:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 20:05 - 2014-10-23 05:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 20:05 - 2014-10-18 02:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 20:05 - 2014-10-18 01:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 20:05 - 2014-10-11 02:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 20:05 - 2014-10-11 01:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-11 20:05 - 2014-10-11 01:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-11 20:05 - 2014-10-11 01:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 20:05 - 2014-10-10 23:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-11 20:05 - 2014-10-10 23:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 20:05 - 2014-10-10 23:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 20:05 - 2014-10-10 23:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 20:05 - 2014-10-10 23:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 20:05 - 2014-10-01 17:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 20:05 - 2014-09-24 17:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 20:05 - 2014-09-24 17:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-11 20:05 - 2014-09-24 17:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 20:05 - 2014-09-24 17:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-11 20:05 - 2014-08-21 17:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 20:05 - 2014-08-21 17:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 20:02 - 2014-10-25 19:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 20:02 - 2014-10-25 19:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 20:02 - 2014-10-25 19:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 20:02 - 2014-10-25 19:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 20:02 - 2014-10-25 19:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 20:02 - 2014-10-25 19:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 20:02 - 2014-10-25 18:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 20:02 - 2014-10-25 18:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 20:02 - 2014-10-25 18:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 20:02 - 2014-10-25 18:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 20:02 - 2014-10-25 18:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 20:02 - 2014-10-25 18:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 20:01 - 2014-10-25 19:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-11 20:01 - 2014-10-25 19:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-11 20:01 - 2014-10-25 19:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 20:01 - 2014-10-25 19:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 20:01 - 2014-10-25 19:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 20:01 - 2014-10-25 19:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 20:01 - 2014-10-25 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 20:01 - 2014-10-25 18:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 20:01 - 2014-10-25 18:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 20:01 - 2014-10-25 18:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 20:01 - 2014-10-25 18:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 20:01 - 2014-10-25 18:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 20:01 - 2014-10-25 18:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 20:01 - 2014-10-25 18:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 20:01 - 2014-10-25 15:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-10 20:14 - 2014-09-02 20:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-10 20:14 - 2014-09-02 20:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-10 20:13 - 2014-07-11 18:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-10 20:13 - 2014-07-11 18:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-11-10 20:13 - 2014-07-08 16:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-11-10 20:13 - 2014-07-06 23:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-10 20:13 - 2014-07-06 23:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-10 20:13 - 2014-07-06 23:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-10 20:13 - 2014-07-06 23:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-11-10 20:13 - 2014-07-06 23:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-10 20:13 - 2014-07-06 22:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-10 20:13 - 2014-07-06 22:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-10 20:13 - 2014-07-06 22:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-10 20:13 - 2014-07-06 21:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-10 20:13 - 2014-07-02 19:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-11-10 20:13 - 2014-07-02 18:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-11-10 20:13 - 2014-06-25 01:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-10 20:13 - 2014-06-17 17:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-10 20:13 - 2014-06-11 08:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-11-10 20:13 - 2014-06-10 22:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-11-10 20:13 - 2014-06-10 16:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-11-10 20:13 - 2014-02-04 04:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-11-10 20:12 - 2014-07-11 22:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-11-10 20:12 - 2014-07-11 22:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-10 20:12 - 2014-07-11 22:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-10 20:12 - 2014-07-11 22:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-10 20:12 - 2014-07-11 22:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-10 20:12 - 2014-07-11 22:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-10 20:12 - 2014-07-11 22:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-11-10 20:12 - 2014-07-11 22:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-10 20:12 - 2014-07-11 22:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-10 20:12 - 2014-07-11 22:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-10 20:12 - 2014-07-11 22:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-10 20:12 - 2014-07-11 22:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-10 20:12 - 2014-07-08 16:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-11-10 20:12 - 2014-07-08 16:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-11-10 20:12 - 2014-07-08 16:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-11-10 20:12 - 2014-07-06 23:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-11-10 20:12 - 2014-07-04 04:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-10 20:12 - 2014-06-28 01:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-11-10 20:12 - 2014-06-28 00:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-11-10 20:12 - 2014-06-28 00:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-11-10 20:12 - 2014-06-25 01:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-10 20:12 - 2014-06-17 17:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-10 20:10 - 2014-08-29 23:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-10 20:10 - 2014-08-29 23:47 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-10 20:10 - 2014-08-29 23:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-10 20:10 - 2014-08-29 22:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-10 20:10 - 2014-08-29 22:04 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-10 20:10 - 2014-08-29 22:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-10 20:10 - 2014-07-24 07:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-11-10 20:10 - 2014-07-16 17:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-11-10 20:10 - 2014-07-16 16:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-11-10 20:10 - 2014-07-16 16:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-11-10 20:10 - 2014-07-12 00:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-11-10 20:10 - 2014-07-11 22:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-11-10 20:10 - 2014-07-11 22:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-11-10 20:10 - 2014-07-11 22:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-11-10 20:10 - 2014-07-11 22:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-11-10 20:10 - 2014-06-28 00:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-10 20:10 - 2014-06-27 20:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-10 20:10 - 2014-06-12 17:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-10 20:10 - 2014-06-12 17:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-08 18:08 - 2014-11-08 18:08 - 00001624 _____ () C:\Users\J\Downloads\prog.m3u8
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 11:46 - 2013-08-20 12:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-08 11:46 - 2013-08-20 12:11 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 11:46 - 2013-08-20 12:08 - 00000380 _____ () C:\Users\J\AppData\Roaming\sp_data.sys
2014-12-08 11:45 - 2012-08-01 19:20 - 00163184 _____ () C:\Windows\PFRO.log
2014-12-08 11:45 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 11:44 - 2012-10-11 18:25 - 02073677 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 11:38 - 2013-08-20 12:18 - 00000000 ____D () C:\Users\J\AppData\Roaming\uTorrent
2014-12-08 02:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-08 01:56 - 2013-08-20 12:11 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 01:40 - 2012-10-11 18:15 - 00038954 _____ () C:\Windows\DPINST.LOG
2014-12-08 01:32 - 2013-08-30 09:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-08 01:28 - 2012-07-25 23:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-08 01:27 - 2012-08-04 20:25 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-12-08 01:26 - 2014-03-30 16:56 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-608726029-3151777986-293780615-1001UA.job
2014-12-08 01:18 - 2012-07-26 01:28 - 00860782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-08 01:16 - 2014-02-08 17:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 00:26 - 2014-03-30 16:56 - 00000854 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-608726029-3151777986-293780615-1001Core.job
2014-12-06 10:04 - 2013-08-20 19:36 - 00000000 ____D () C:\Users\J\AppData\Local\PokerStars.NET
2014-12-05 13:23 - 2013-08-20 12:57 - 00000000 ____D () C:\Program Files\PeerBlock
2014-12-05 11:30 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-03 19:24 - 2013-08-20 15:17 - 00000000 ____D () C:\Users\J\AppData\Roaming\vlc
2014-12-02 20:32 - 2013-11-25 15:38 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-12-02 17:54 - 2013-08-27 11:25 - 00000000 ____D () C:\Users\J\School
2014-11-28 16:00 - 2013-11-18 10:16 - 00000000 ____D () C:\ProgramData\Origin
2014-11-28 15:49 - 2013-11-18 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-28 15:49 - 2013-11-18 10:16 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-27 19:04 - 2012-07-26 01:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-25 15:16 - 2014-02-08 17:19 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-21 16:58 - 2013-08-26 08:29 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-21 16:49 - 2013-08-30 09:12 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-19 23:07 - 2014-10-19 11:05 - 00000019 _____ () C:\Users\J\Desktop\plum island.txt
2014-11-14 11:21 - 2012-07-26 02:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 11:21 - 2012-07-26 02:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 11:21 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 11:21 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-14 11:20 - 2012-07-26 02:12 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 11:20 - 2012-07-26 02:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-13 00:21 - 2014-03-30 16:56 - 00003844 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-608726029-3151777986-293780615-1001UA
2014-11-13 00:21 - 2014-03-30 16:56 - 00003464 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-608726029-3151777986-293780615-1001Core
2014-11-13 00:06 - 2013-08-21 09:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 16:51 - 2013-08-20 12:11 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 16:51 - 2013-08-20 12:11 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 11:57 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-10 16:22 - 2013-10-07 23:39 - 00000000 ____D () C:\Users\J\AppData\Roaming\mozilla
 
Some content of TEMP:
====================
C:\Users\J\AppData\Local\Temp\AcDeltree.exe
C:\Users\J\AppData\Local\Temp\CleanSchedule.exe
C:\Users\J\AppData\Local\Temp\GURCC15.exe
C:\Users\J\AppData\Local\Temp\install_flash_player_11_plugin.exe
C:\Users\J\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\J\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\J\AppData\Local\Temp\nsd887.tmp.exe
C:\Users\J\AppData\Local\Temp\OfficeSetup.exe
C:\Users\J\AppData\Local\Temp\oi_{DE9BEA68-65E1-40AB-BF2F-22942AF755C1}.exe
C:\Users\J\AppData\Local\Temp\Quarantine.exe
C:\Users\J\AppData\Local\Temp\safeguard.exe
C:\Users\J\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\J\AppData\Local\Temp\sqlite3.dll
C:\Users\J\AppData\Local\Temp\SRLDetectionLibrary6957721066292301791.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-01 13:08
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by J at 2014-12-08 11:55:08
Running from C:\Users\J\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
AutoCAD 2009 - English (HKLM\...\AutoCAD 2009 - English) (Version: 17.2.56.0 - Autodesk)
AutoCAD 2009 - English (Version: 17.2.56.0 - Autodesk) Hidden
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Baldur's Gate™ II - Shadows of Amn™ (HKLM-x32\...\{8DAE4336-2B71-11D4-9A6C-006067325E47}) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bradford Persistent Agent (HKLM-x32\...\{97FBB5BD-BCAD-4075-B87B-DD1DB9A70AB6}) (Version: 2.2.8.2 - Bradford Networks)
Bullet Candy (HKLM-x32\...\Steam App 6600) (Version:  - R C Knight)
Capsized (HKLM-x32\...\Steam App 95300) (Version:  - Alientrap Games Inc)
CDisplayEx 1.9.15 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DS3 Tool 1.0005 Windows (HKLM-x32\...\{C029726A-CCBF-46D8-893A-E62105DB9803}_is1) (Version: 1.0005 - MotionInJoy.)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.4 - Echobit, LLC)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Fortix (HKLM-x32\...\Steam App 45400) (Version:  - Nemesys Games)
Galcon Fusion (HKLM-x32\...\Steam App 44200) (Version:  - Hassey Enterprises, Inc.)
Geometry Wars: Retro Evolved (HKLM-x32\...\Steam App 8400) (Version:  - Bizarre Creations)
Gnomoria (HKLM-x32\...\Steam App 224500) (Version:  - Robotronic Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
LUFTRAUSERS (HKLM-x32\...\Steam App 233150) (Version:  - Vlambeer)
Mathcad 13 (HKLM-x32\...\{E8334783-E2F9-4CA6-86F8-090051418F09}) (Version: 13.1.3.0 - Mathsoft)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic: Duel of Champions (HKLM-x32\...\Steam App 256410) (Version:  - Ubisoft Quebec)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PCKeeper (HKLM-x32\...\{E44BBEE3-3F83-4670-9E2E-EE0556442287}) (Version: 2.2.775 - Kromtech)
PCKeeper (Version: 2.2.775 - Kromtech) Hidden
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHG Installation (HKLM-x32\...\{C12A5D6D-433D-49F3-822A-70E36C9D71D3}) (Version: 2.0.78 - SafeHarborGames)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Super Laser Racer (HKLM-x32\...\Steam App 44100) (Version:  - New Star Games Ltd)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{E362724E-9320-4946-AF34-874E7B6B2927}) (Version: 6.0.7.0 - Husdawg, LLC)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Longest Journey (HKLM-x32\...\The Longest Journey_is1) (Version:  - GOG.com)
The Stanley Parable (HKLM-x32\...\The Stanley Parable_is1) (Version:  - )
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
v9 uninstall (HKLM-x32\...\v9 uninstall) (Version:  - v9)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9820 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.00 beta 8 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{2F1F7574-ECCA-4361-B4DE-C411BF7EEE23}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\J\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\J\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\J\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\J\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\J\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
28-11-2014 00:23:10 Windows Update
08-12-2014 04:23:01 Installed SHG Installation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 23:26 - 2012-07-25 23:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {163A4E93-7219-43D7-9CD7-DCC009BFFD40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {1946CF53-FA16-4344-82C6-CD64B8471579} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {27DCB66D-344B-48F6-901F-32228DED29D6} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {2B820D7C-17A1-4335-B86F-FA33765DF01C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-20] (Google Inc.)
Task: {4C7790BE-DFA2-40B7-9DCC-7E2154910CBC} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {6CE0285C-0F54-4B5A-8499-4C2AD1B54A90} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {6EAC6400-BA03-49C2-820E-CA3E67DEB289} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {8628A33B-26D8-44D0-88FE-7C0CC9E89F30} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {A875FB2A-A1BE-44A3-860E-A38B14D0782E} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {B0E54641-2C51-4B91-8F7A-ADD6BD802F53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-608726029-3151777986-293780615-1001UA => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-30] (Google Inc.)
Task: {B1BC783E-1639-44FB-B397-6C04588C2B5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-608726029-3151777986-293780615-1001Core => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-30] (Google Inc.)
Task: {B226DB75-17D1-4084-8893-CE401F37CB1D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {D5F708E6-511A-4E29-B280-CD44E4B98A25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-20] (Google Inc.)
Task: {D89BB556-09BD-4AE0-89CC-36EADF240160} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {D9B4672D-2B9A-42BE-811A-E4095AD7DF86} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06] (AVAST Software)
Task: {E6483A32-D993-4A4C-AA97-62236073029F} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-608726029-3151777986-293780615-1001Core.job => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-608726029-3151777986-293780615-1001UA.job => C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-04 11:34 - 2012-08-04 11:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-11-21 16:57 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-22 06:13 - 2012-08-16 02:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-06-13 19:14 - 2014-06-13 19:14 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-03-21 09:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-26 01:58 - 2012-07-26 01:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-03-14 08:47 - 2013-03-14 08:47 - 15500800 _____ () C:\Users\J\AppData\Local\Autobahn\nexdef.exe
2014-08-06 20:30 - 2014-08-06 20:30 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-12-08 11:38 - 2014-12-08 11:38 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120800\algo.dll
2013-04-21 19:44 - 2013-04-21 19:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 19:44 - 2013-04-21 19:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-07 15:12 - 2012-06-07 15:12 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-08-30 17:51 - 2014-11-11 12:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 17:51 - 2014-11-11 12:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 17:51 - 2014-11-11 12:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-07-01 09:20 - 2014-11-11 12:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-23 23:43 - 2014-11-18 14:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 17:51 - 2014-11-11 12:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 17:51 - 2014-11-11 12:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-26 15:46 - 2014-11-18 14:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-11-25 22:00 - 2014-11-25 00:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 22:00 - 2014-11-25 00:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 22:00 - 2014-11-25 00:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 22:00 - 2014-11-25 00:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-05-14 10:45 - 2014-05-14 10:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-03-14 08:47 - 2013-03-14 08:47 - 00020480 _____ () C:\Users\J\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 08:47 - 2013-03-14 08:47 - 00069632 _____ () C:\Users\J\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 08:47 - 2013-03-14 08:47 - 00126976 _____ () C:\Users\J\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 08:47 - 2013-03-14 08:47 - 00159744 _____ () C:\Users\J\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2014-08-06 20:30 - 2014-08-06 20:30 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-15 15:32 - 2014-11-11 12:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-10-11 18:12 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\StartupApproved\Run: => "EvolveClient"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-608726029-3151777986-293780615-500 - Administrator - Disabled)
ASPNET (S-1-5-21-608726029-3151777986-293780615-1029 - Limited - Enabled)
Guest (S-1-5-21-608726029-3151777986-293780615-501 - Limited - Disabled)
J (S-1-5-21-608726029-3151777986-293780615-1001 - Administrator - Enabled) => C:\Users\J
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Evolve Virtual Ethernet Adapter
Description: Evolve Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Echobit LLC
Service: EvolveVirtualAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2014 01:28:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ETDService.exe, version: 11.0.0.5, time stamp: 0x51593845
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b4864c
Exception code: 0xc0000374
Fault offset: 0x00000000000e9e99
Faulting process id: 0xa34
Faulting application start time: 0xETDService.exe0
Faulting application path: ETDService.exe1
Faulting module path: ETDService.exe2
Report Id: ETDService.exe3
Faulting package full name: ETDService.exe4
Faulting package-relative application ID: ETDService.exe5
 
Error: (12/08/2014 00:31:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (12/06/2014 10:56:54 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (12/06/2014 00:16:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error: (12/06/2014 00:16:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
 
Error: (12/06/2014 00:16:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/06/2014 11:07:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (12/06/2014 10:05:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26000
 
Error: (12/06/2014 10:05:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26000
 
Error: (12/06/2014 10:05:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (12/08/2014 11:45:18 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/08/2014 11:44:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PasswordBox service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (12/08/2014 01:28:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ETDService.exe11.0.0.551593845ntdll.dll6.2.9200.1704653b4864cc000037400000000000e9e99a3401d012b6379cc2a9C:\Program Files\Elantech\ETDService.exeC:\Windows\SYSTEM32\ntdll.dllbe6aa9d5-7eab-11e4-bec3-50465de46ee1
 
Error: (12/08/2014 00:31:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (12/06/2014 10:56:54 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (12/06/2014 00:16:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error: (12/06/2014 00:16:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
 
Error: (12/06/2014 00:16:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/06/2014 11:07:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (12/06/2014 10:05:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26000
 
Error: (12/06/2014 10:05:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26000
 
Error: (12/06/2014 10:05:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 8077.68 MB
Available physical RAM: 5405.12 MB
Total Pagefile: 12173.68 MB
Available Pagefile: 9188.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:17.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:398.18 GB) (Free:252.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 52891CA4)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 DarthSparty

DarthSparty
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 01:02 PM

Is that all 3 logs requested?  I can not tell. 



#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:36 AM

Posted 08 December 2014 - 01:40 PM

Yes that is all 3. Thanks. How is the machine running now? I will look over the logs and get back to you.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:36 AM

Posted 08 December 2014 - 01:51 PM

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

PCKeeper
PCKeeper
v9 uninstall


Additional instructions can be found here if needed.

 

2.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   6.83KB   3 downloads


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 DarthSparty

DarthSparty
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 02:22 PM

Clicking uninstall on PCKeeper does nothing.

Windows claims v9 was uninstalled, but it still on my list. 

 

Doing next step now. 



#10 DarthSparty

DarthSparty
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 02:47 PM

PCKeeper is still installed, and I can not remove it through control panel.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by J at 2014-12-08 13:26:25 Run:1
Running from C:\Users\J\Downloads
Loaded Profile: J (Available profiles: J)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: F - "F:\Setup.exe" 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: G - "G:\Setup.exe" 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: {326e991e-59e3-11e3-be90-c810bc8d9c17} - "K:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: {8e22e617-0c10-11e3-be7d-50465de46ee1} - "J:\TL-Bootstrap.exe" 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\...\MountPoints2: {9f9d0dcb-1400-11e2-be6a-806e6f6e6963} - "E:\.\Autorun.exe" 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-608726029-3151777986-293780615-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-608726029-3151777986-293780615-1001 -> {540B23FF-418C-49C2-8E66-7B18A30008C2} URL = 
BHO-x32: FindRight -> {cf710881-c002-4ea4-860a-b6931b040948} -> C:\Program Files (x86)\FindRight\FindRightbho.dll No File
C:\Program Files (x86)\FindRight
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
U0 msahci; No ImagePath
2014-12-08 00:44 - 2014-12-08 00:44 - 00001948 _____ () C:\Users\Public\Desktop\PCKeeper.lnk
2014-12-07 22:25 - 2014-12-07 22:25 - 00001985 _____ () C:\Users\Public\Desktop\SafeHarborGames.lnk
2014-12-08 11:38 - 2013-08-20 12:18 - 00000000 ____D () C:\Users\J\AppData\Roaming\uTorrent
2014-12-08 02:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
C:\Users\J\AppData\Local\Temp\AcDeltree.exe
C:\Users\J\AppData\Local\Temp\CleanSchedule.exe
C:\Users\J\AppData\Local\Temp\GURCC15.exe
C:\Users\J\AppData\Local\Temp\install_flash_player_11_plugin.exe
C:\Users\J\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\J\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\J\AppData\Local\Temp\nsd887.tmp.exe
C:\Users\J\AppData\Local\Temp\OfficeSetup.exe
C:\Users\J\AppData\Local\Temp\oi_{DE9BEA68-65E1-40AB-BF2F-22942AF755C1}.exe
C:\Users\J\AppData\Local\Temp\Quarantine.exe
C:\Users\J\AppData\Local\Temp\safeguard.exe
C:\Users\J\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\J\AppData\Local\Temp\sqlite3.dll
C:\Users\J\AppData\Local\Temp\SRLDetectionLibrary6957721066292301791.dll
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\J\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Emptytemp:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
HKU\S-1-5-21-608726029-3151777986-293780615-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-608726029-3151777986-293780615-1001" => Key not found.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-608726029-3151777986-293780615-1001" => Key not found.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{326e991e-59e3-11e3-be90-c810bc8d9c17}" => Key deleted successfully.
"HKCR\CLSID\{326e991e-59e3-11e3-be90-c810bc8d9c17}" => Key not found.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e22e617-0c10-11e3-be7d-50465de46ee1}" => Key deleted successfully.
"HKCR\CLSID\{8e22e617-0c10-11e3-be7d-50465de46ee1}" => Key not found.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f9d0dcb-1400-11e2-be6a-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{9f9d0dcb-1400-11e2-be6a-806e6f6e6963}" => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-608726029-3151777986-293780615-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{540B23FF-418C-49C2-8E66-7B18A30008C2}" => Key deleted successfully.
"HKCR\CLSID\{540B23FF-418C-49C2-8E66-7B18A30008C2}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf710881-c002-4ea4-860a-b6931b040948}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{cf710881-c002-4ea4-860a-b6931b040948}" => Key deleted successfully.
"C:\Program Files (x86)\FindRight" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
msahci => Service deleted successfully.
C:\Users\Public\Desktop\PCKeeper.lnk => Moved successfully.
C:\Users\Public\Desktop\SafeHarborGames.lnk => Moved successfully.
C:\Users\J\AppData\Roaming\uTorrent => Moved successfully.
C:\Windows\system32\sru => Moved successfully.
C:\Users\J\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\CleanSchedule.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\GURCC15.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\install_flash_player_11_plugin.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\nsd887.tmp.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\oi_{DE9BEA68-65E1-40AB-BF2F-22942AF755C1}.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\safeguard.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
C:\Users\J\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\J\AppData\Local\Temp\SRLDetectionLibrary6957721066292301791.dll => Moved successfully.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-608726029-3151777986-293780615-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
EmptyTemp: => Removed 2.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:36 AM

Posted 08 December 2014 - 04:56 PM

How is the system running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 DarthSparty

DarthSparty
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 05:00 PM

Seems to be running better, but PCKeeper is still installed.  Ideally, I would like to remove it. 



#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:36 AM

Posted 08 December 2014 - 05:08 PM

PCKeeper is not installed anymore just the name in the control panel it's folder has been removed. You can see if this finds anything left but I doubt it.

 

 

You have unwanted programs on your computer system that should be removed.
I recommend using the following program to do this because it is good at removing any stray remnants that uninstallers often leave behind.

1. Please download REVO UNINSTALLER
and save it on your computer.

2. Install Revo Uninstaller on your computer system.

3. Once the program is installed start the program and insure the uninstaller tab is active. (See image below)

revo-main-menu.png

Icons from all your installed programs will appear alphabetically in the main window.

4. Right click the program you wish to uninstall by selecting the program's icon in the main window.
A menu will appear such as that shown below.

revo-uninstall.png

5. Next, choose Uninstall from this menu.

A confirmation from the program you wish to uninstall will appear on your screen, such as the one shown in the image below.

6. Please choose YES that you wish to uninstall the program.

revo-confirm.png

By default, Revo Uninstaller will be set to Moderate uninstall Mode.
Please change it to Advanced by clicking the radio button near Advanced as shown below and then click the NEXT button.

revo-advanced1.png

7. Next, you will see this screen where a system restore back up is made.

uninstall-1.png

The program's built in uninstaller will appear on screen, confirm removal and the uninstall procedure will begin.

confirm.png

The program you uninstalled will confirm it has been uninstalled and may ask for user feedback as shown below. It is really your choice if you wish to take the time to answer their survey, however it is not important if you do or not and you can skip it by clicking NO

uninstall-complete.png

If you are told to reboot to complete the uninstall, choose NO! We still have other things we need to remove from your computer using Revo Uninstaller's other features.

8. Once the program has been successfully uninstalled, click the NEXT button.

next-button.png

Revo Uninstaller will scan your computer for leftover information, files and registry entries.

leftover-info.png

If any registry entries are found, Revo Uninstaller will list those in BOLD text as shown below.

leftover-registry.png

It is safe to remove those entries as they are often only associated with the program you have just removed from your computer system.

9. Look for the Select All button and click it.
All the BOLD entries should now be checked off like shown in the image below.

select-all.png

Look for the DELETE button and click it.
When asked to confirm the deletion, click YES

confirm-delete-registry.png

When finished click the Next button.

Revo may confirm the uninstall is complete and offer a FINISH button. This means the program has been successfully uninstalled and no further action is needed.

If however, any leftover files and folders are found those will be presented. If you want to get rid of them click Select All then Delete.
This will remove those and send them to your RECYCLE BIN. The image below shows Revo Uninstaller asking for your confirmation, before sending them to the recycle bin, simply choose the Yes Button and away they go to the trash. You can then either retrieve them or clean your recycle bin permanently removing them from your computer system.

revo5.png

You can use Revo Uninstaller to remove other unwanted programs from your computer by performing the above procedures for each one.

 

 

1.

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.
     
    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 DarthSparty

DarthSparty
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 08 December 2014 - 05:10 PM

I will run that when I get home.  Also, when I right click on the desktop one of the options is "Secure Delete with PCKeeper".  That is what leads me to believe that it is still around.  Also, it is still on my programs list.  How can I remove it from there?



#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:36 AM

Posted 09 December 2014 - 09:58 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users