Zoomify installed on my computer. Can not uninstall it please help.


  • This topic is locked
12 replies to this topic

#1 bhenson

bhenson

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 26 December 2014 - 12:55 AM

December 22nd I was updating Flash and my computer died. As I plugged it in the next morning I had several spyware and malware viruses on my computer. I have uninstalled all of them, I think, with the exception of Zoomify. Can someone please help me? Thank you in advance for your help.

 

Bryan




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:43 PM

Posted 26 December 2014 - 10:55 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 bhenson

bhenson
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 28 December 2014 - 01:13 AM

Jurgen,

 

Thank you for the reply. Here is the information you requested.

 

 

"FRST NOTEPAD"

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Vauled Customer (administrator) on XSTREAMDELLLAPT on 27-12-2014 12:03:08
Running from C:\Users\Vauled Customer\Desktop
Loaded Profiles: Vauled Customer &  (Available profiles: Vauled Customer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\WINDOWS\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Printer Extension) C:\ProgramData\zoomify_29\1.1.0.29\cozwdhost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Printer Extension) C:\ProgramData\zoomify_29\1.1.0.29\coz32host.exe
(Printer Extension) C:\ProgramData\zoomify_29\1.1.0.29\cozahost.exe
(Printer Extension) C:\ProgramData\zoomify_29\1.1.0.29\coz64host.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\msfeedssync.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Printer Extension) C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Extension Manager] => C:\Program Files (x86)\Extension Manager\SystemBrowser.exe
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-03] (Google Inc.)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\RunOnce: [Uninstall C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\RunOnce: [Uninstall C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-03] (Google Inc.)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default
FF DefaultSearchEngine: KeyBar 1.8 Customized Web Search
FF SelectedSearchEngine: KeyBar 1.8 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3304782&CUI=UN42671751642356122&UM=2&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304782&SearchSource=2&CUI=UN42671751642356122&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\user.js
FF SearchPlugin: C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\searchplugins\askcom.xml
FF Extension: SelectionLinks - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\plugin@selectionlinks.com [2013-01-10]
FF Extension: Zoomify - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\sdd@zmfpro.com [2014-12-22]
FF Extension: Vafmusic  - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-07-24]
FF Extension: MixiDJ V31  - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\{988919ff-0cd8-4d0c-bc7e-60d55a49eb64} [2013-07-24]
FF Extension: KeyBar 1.8  - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79} [2013-07-24]
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com [2013-08-19]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (YouTube) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2014-05-04]
CHR Extension: (Free Invoice Maker) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp [2012-12-03]
CHR Extension: (Enhancements for Gmail) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdnblnolcinnndenjnollpiplgkbjcn [2013-08-26]
CHR Extension: (Google Wallet) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (VEGA Conflict) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnhjmhhejnacfimcjhjbcphfnndhfec [2014-05-04]
CHR Extension: (Gmail) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [hllhlhdmmmpbclddmhffaghecjaklneo] - C:\Users\Vauled Customer\AppData\Local\CRE\hllhlhdmmmpbclddmhffaghecjaklneo.crx [2013-08-07]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [lckhfkchegmijelhopmcncefmhlmfagm] - C:\Users\Vauled Customer\AppData\Local\CRE\lckhfkchegmijelhopmcncefmhlmfagm.crx [2013-07-17]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Vauled Customer\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-13]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [hllhlhdmmmpbclddmhffaghecjaklneo] - C:\Users\Vauled Customer\AppData\Local\CRE\hllhlhdmmmpbclddmhffaghecjaklneo.crx [2013-08-07]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [lckhfkchegmijelhopmcncefmhlmfagm] - C:\Users\Vauled Customer\AppData\Local\CRE\lckhfkchegmijelhopmcncefmhlmfagm.crx [2013-07-17]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Vauled Customer\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [hllhlhdmmmpbclddmhffaghecjaklneo] - C:\Users\Vauled Customer\AppData\Local\CRE\hllhlhdmmmpbclddmhffaghecjaklneo.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files (x86)\OApps\chromeaddon2.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lckhfkchegmijelhopmcncefmhlmfagm] - C:\Users\Vauled Customer\AppData\Local\CRE\lckhfkchegmijelhopmcncefmhlmfagm.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Vauled Customer\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots) [File not signed]
R2 cozaghost; C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe [472560 2014-12-18] (Printer Extension)
R2 cozwdhost; C:\ProgramData\zoomify_29\1.1.0.29\cozwdhost.exe [199152 2014-12-18] (Printer Extension)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 12:03 - 2014-12-27 12:03 - 00000000 ____D () C:\Users\Vauled Customer\Desktop\FRST-OlderVersion
2014-12-25 17:31 - 2014-12-25 17:31 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 10:19 - 2014-12-25 13:51 - 00031738 _____ () C:\Users\Vauled Customer\Desktop\Addition.txt
2014-12-25 10:18 - 2014-12-27 12:04 - 00028485 _____ () C:\Users\Vauled Customer\Desktop\FRST.txt
2014-12-25 10:17 - 2014-12-27 12:03 - 02122752 _____ (Farbar) C:\Users\Vauled Customer\Desktop\FRST64.exe
2014-12-25 10:17 - 2014-12-27 12:03 - 00000000 ____D () C:\FRST
2014-12-24 10:20 - 2014-12-25 17:27 - 00000560 _____ () C:\Windows\setupact.log
2014-12-24 10:20 - 2014-12-24 10:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-24 09:59 - 2014-12-25 17:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 09:58 - 2014-12-24 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 09:58 - 2014-12-24 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 09:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-24 09:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-23 15:13 - 2014-12-23 15:13 - 00000423 _____ () C:\Users\Vauled Customer\Desktop\Continue JFileManager installation.lnk
2014-12-23 12:58 - 2014-12-23 12:58 - 01946777 _____ () C:\Windows\shost.bin
2014-12-22 12:28 - 2014-12-22 12:29 - 00001744 _____ () C:\ProgramData\tempimage.bmp
2014-12-22 12:19 - 2014-12-23 12:58 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-22 12:19 - 2014-12-22 12:20 - 01319212 _____ ( ) C:\Users\Vauled Customer\Desktop\Flash.exe
2014-12-22 12:19 - 2014-12-22 12:19 - 00000088 _____ () C:\Users\Vauled Customer\AppData\Local\c326b775a59d1c72d7c3299b9dcf4470
2014-12-22 12:19 - 2014-12-22 12:19 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\globalUpdate
2014-12-22 12:18 - 2014-12-22 12:19 - 00000000 ____D () C:\Users\Vauled Customer\Documents\ProPCCleaner
2014-12-22 12:18 - 2014-12-22 12:18 - 00003494 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2014-12-22 12:18 - 2014-12-22 12:18 - 00003230 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2014-12-22 12:18 - 2014-12-22 12:18 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\Pro_PC_Cleaner
2014-12-22 12:16 - 2014-12-22 12:16 - 00003542 _____ () C:\Windows\System32\Tasks\BBQLeads
2014-12-22 00:31 - 2014-12-22 12:32 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-12-22 00:31 - 2014-12-22 00:31 - 00000000 ____D () C:\ProgramData\zoomify_29
2014-12-22 00:16 - 2014-12-22 00:16 - 05624386 _____ () C:\Users\Vauled Customer\Desktop\2009-04-21_Hampton_Forest_Apartment_Homes_playground.jpeg
2014-12-21 02:06 - 2014-12-21 00:55 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-21 02:06 - 2013-01-12 03:30 - 00859552 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-12-21 02:06 - 2013-01-12 03:30 - 00780192 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-12-21 00:55 - 2014-12-21 00:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-21 00:55 - 2014-12-21 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-21 00:53 - 2014-12-21 00:53 - 00638888 _____ (Oracle Corporation) C:\Users\Vauled Customer\Desktop\chromeinstall-8u25.exe
2014-12-17 14:10 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:10 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 03:46 - 2014-12-12 03:46 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 03:02 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 03:02 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 00:34 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 00:34 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 00:34 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 00:34 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 00:34 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 00:34 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 00:34 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 00:34 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-12 00:34 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-12 00:34 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 00:34 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 00:34 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 00:34 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-12 00:34 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 00:34 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-12 00:34 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 00:34 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 00:34 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 00:34 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 00:34 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 00:34 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 00:34 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 00:34 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 00:34 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-12 00:34 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-12 00:34 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 00:34 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-12 00:34 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 00:34 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 00:34 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-12 00:34 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 00:34 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-12 00:34 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 00:34 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 00:34 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-12 00:34 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 00:34 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 00:34 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 00:34 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 00:34 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-12 00:34 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 00:34 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 00:34 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 00:34 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 00:34 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 00:34 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 00:34 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-12 00:34 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 00:34 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 00:34 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-12 00:34 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 00:34 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 00:34 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-12 00:33 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-12 00:32 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-12 00:32 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-12 00:31 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 00:31 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 00:31 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 00:31 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 00:31 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 00:31 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 00:31 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 00:31 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 00:31 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-12 00:29 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 00:29 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 12:02 - 2013-07-15 19:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 12:02 - 2013-07-09 21:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 12:02 - 2013-06-12 21:22 - 01398996 _____ () C:\Windows\WindowsUpdate.log
2014-12-25 18:27 - 2014-11-03 15:07 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Google
2014-12-25 17:38 - 2013-06-12 21:23 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-25 17:38 - 2013-06-12 21:23 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 17:29 - 2012-11-28 10:24 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-25 17:29 - 2012-11-28 10:24 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-25 17:29 - 2011-04-21 15:12 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-25 17:28 - 2013-07-15 19:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 17:27 - 2013-06-12 21:16 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 17:26 - 2014-11-07 23:45 - 00120650 _____ () C:\Windows\PFRO.log
2014-12-25 10:14 - 2013-06-12 21:24 - 00006392 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-12-24 10:44 - 2013-06-12 21:16 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 10:19 - 2012-11-28 07:53 - 00000000 ____D () C:\Windows\SMINST
2014-12-24 10:12 - 2013-08-19 10:00 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Malwarebytes
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-24 09:54 - 2014-10-04 21:29 - 00000000 ____D () C:\found.001
2014-12-22 12:28 - 2012-12-03 09:51 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-12-22 12:17 - 2009-07-13 20:34 - 00000537 _____ () C:\Windows\win.ini
2014-12-22 00:13 - 2013-06-09 16:49 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\CrashDumps
2014-12-21 00:55 - 2013-02-01 11:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-21 00:55 - 2013-02-01 11:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-21 00:55 - 2013-02-01 11:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-21 00:55 - 2012-11-28 10:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-17 14:07 - 2014-02-28 01:41 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-15 14:57 - 2014-04-10 21:43 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 08:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:55 - 2012-11-28 10:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 03:46 - 2014-05-16 02:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 03:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 03:18 - 2013-08-19 09:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:04 - 2012-12-03 10:21 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 00:33 - 2013-07-09 21:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 00:32 - 2013-07-09 21:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 00:32 - 2013-07-09 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-03 05:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 14:46 - 2013-01-10 19:30 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\CutePDF Writer
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 14:41
 
==================== End Of Log ============================


#4 bhenson

Posted 28 December 2014 - 01:16 AM

"ADDITION NOTEPAD"

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by Vauled Customer at 2014-12-27 12:05:03
Running from C:\Users\Vauled Customer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Bing Bar (HKLM-x32\...\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}) (Version: 7.1.391.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-485000846-1325268589-2709162160-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
Neat (HKLM-x32\...\Neat) (Version: 5.5.2.7 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.0.61 - The Neat Company)
Neat Core Files (x32 Version: 5.5.2.7 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zoomify (HKLM-x32\...\zoomify) (Version: 1.1.0.29 - Zoomify) <==== ATTENTION!
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
20-11-2014 03:00:25 Windows Update
25-11-2014 01:40:47 Windows Update
02-12-2014 13:38:45 Scheduled Checkpoint
03-12-2014 01:45:00 Windows Update
07-12-2014 19:13:52 Windows Update
11-12-2014 15:20:35 Windows Update
12-12-2014 03:00:33 Windows Update
15-12-2014 14:45:08 Windows Update
18-12-2014 03:00:35 Windows Update
22-12-2014 12:24:55 Windows Update
24-12-2014 10:22:47 Removed Java 8 Update 25
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2013-06-30 22:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05273C59-7CEF-48A4-911A-0637F7621AE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0DCC0502-5249-4563-8A20-B6AA34FD59FA} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {3417651D-868E-48C3-9010-69DF37844C1E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {37429C74-6699-44CA-A299-E7354F4F9C90} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {3E4FE01B-8594-4377-B573-816521AE1850} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {56E17327-9A62-49CD-805F-BBDD7B27259C} - System32\Tasks\{524048D3-7F42-4785-96A6-024CE60D12B6} => pcalua.exe -a E:\converter.exe -d E:\
Task: {73D29333-8DE0-4F82-8987-4E95529169FA} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {74DB91B6-2881-4F52-9072-4B671548CD40} - System32\Tasks\Test TimeTrigger => C:\Users\VAULED~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {92535608-F934-461A-A1E2-6229CA3DE52D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {9F4DDC42-C916-40E1-89EC-35780A2BD68F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {E5FC05CD-76F8-43DC-BD02-B451665DAE75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {EEB79647-BAC5-419E-B585-F13A63B57298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {F6A6576D-65B9-4C2F-A85F-465129790D9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-03 09:51 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-12-04 19:17 - 2012-09-06 06:41 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2009-10-15 02:10 - 2009-10-15 02:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-04-21 15:12 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-10-15 04:23 - 2014-10-15 04:23 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll
2011-04-21 14:31 - 2010-06-08 09:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConduitFloatingPlugin_hllhlhdmmmpbclddmhffaghecjaklneo => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3287803\plugins\TBVerifier.dll",RunConduitFloatingPlugin hllhlhdmmmpbclddmhffaghecjaklneo
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: OtShot => C:\Program Files (x86)\OtShot\otshot.exe -minimize
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-485000846-1325268589-2709162160-500 - Administrator - Disabled)
Guest (S-1-5-21-485000846-1325268589-2709162160-501 - Limited - Disabled)
Vauled Customer (S-1-5-21-485000846-1325268589-2709162160-1000 - Administrator - Enabled) => C:\Users\Vauled Customer
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/25/2014 05:32:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (12/25/2014 05:32:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (12/25/2014 10:14:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/25/2014 10:14:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/25/2014 10:12:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (12/25/2014 10:12:20 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (12/25/2014 10:10:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x5492bce1
Faulting module name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x5492bce1
Exception code: 0xc0000005
Fault offset: 0x00017400
Faulting process id: 0x794
Faulting application start time: 0xcozaghost.exe0
Faulting application path: cozaghost.exe1
Faulting module path: cozaghost.exe2
Report Id: cozaghost.exe3
 
Error: (12/25/2014 09:51:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/25/2014 09:51:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/24/2014 11:45:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
 
System errors:
=============
Error: (12/25/2014 05:29:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Pml Driver HPZ12 service terminated with the following error: 
%%126
 
Error: (12/25/2014 05:29:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Net Driver HPZ12 service terminated with the following error: 
%%126
 
Error: (12/25/2014 05:28:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (12/25/2014 05:28:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (12/25/2014 05:27:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:25:41 PM on ‎12/‎25/‎2014 was unexpected.
 
Error: (12/25/2014 10:11:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The cozaghost service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/25/2014 10:09:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Pml Driver HPZ12 service terminated with the following error: 
%%126
 
Error: (12/25/2014 10:09:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Net Driver HPZ12 service terminated with the following error: 
%%126
 
Error: (12/25/2014 10:08:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:06:22 AM on ‎12/‎25/‎2014 was unexpected.
 
Error: (12/25/2014 10:06:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The cozaghost service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (12/25/2014 05:32:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (12/25/2014 05:32:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
Error: (12/25/2014 10:14:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000
 
Error: (12/25/2014 10:14:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000
 
Error: (12/25/2014 10:12:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (12/25/2014 10:12:20 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
Error: (12/25/2014 10:10:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozaghost.exe1.1.0.295492bce1cozaghost.exe1.1.0.295492bce1c00000050001740079401d0205d120feeedC:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exeC:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe9635570a-8c50-11e4-b953-782bcbe65aec
 
Error: (12/25/2014 09:51:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000
 
Error: (12/25/2014 09:51:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000
 
Error: (12/24/2014 11:45:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-30 23:46:05.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 23:46:04.731
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 55%
Total physical RAM: 3034.36 MB
Available physical RAM: 1353.34 MB
Total Pagefile: 6066.91 MB
Available Pagefile: 4062.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:223.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4FB734B4)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 deeprybka

Posted 28 December 2014 - 08:23 AM

Hi,

please try this:

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Zoomify
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 bhenson

Posted 29 December 2014 - 06:17 PM

# AdwCleaner v4.106 - Report created 29/12/2014 at 05:07:52
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Vauled Customer - XSTREAMDELLLAPT
# Running from : C:\Users\Vauled Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46L6NXBL\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\BasicSeek
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\otshot
Folder Deleted : C:\Program Files (x86)\Qwiklinx
Folder Deleted : C:\Program Files (x86)\snipsmart
Folder Deleted : C:\Users\Vauled Customer\AppData\Local\Conduit
Folder Deleted : C:\Users\Vauled Customer\AppData\Local\DefineExt
Folder Deleted : C:\Users\Vauled Customer\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Vauled Customer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Vauled Customer\AppData\LocalLow\zoomify
Folder Deleted : C:\Users\Vauled Customer\AppData\Roaming\Qwiklinx
Folder Deleted : C:\Users\Vauled Customer\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\plugin@selectionlinks.com
Folder Deleted : C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdnblnolcinnndenjnollpiplgkbjcn
File Deleted : C:\END
File Deleted : C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\invalidprefs.js
File Deleted : C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : VisualBeeRecovery
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287375
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287803
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298567
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3304782
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E7C8B5A-96AB-438F-BF9B-782400655440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E7C8B5A-96AB-438F-BF9B-782400655440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3E7C8B5A-96AB-438F-BF9B-782400655440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E7C8B5A-96AB-438F-BF9B-782400655440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Microsoft\KanarCore
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\Define Ext
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\BasicSeek
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Define Ext
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_currentVersion", "%B7%B4%B7%B8%B4%B6%B4%BB");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_currentVersion.enc", "MS4xMi4wLjU=");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_first_time", "%B7");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_first_time.enc", "MQ==");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_installer_preapproved.enc", "VFJVRQ==");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_lastLoginTime", "%B7%B9%BE%BD%BE%B8%B7%BF%BF%BE%BA%B6%B9");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_lastLoginTime.enc", "MTM4NzgyMTk5ODQwMw==");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_settings1.12.0.5", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMjMiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_stamp.enc", "MTA0M18w");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_userId", "%BE%BF%BD%BE%B6%BC%BE%BC%B3%E9%E7%BE%B9%B3%BA%E7%B8%BA%B3%BE%B8%BB%B6%B3%BA%E7%BD%BF%B8%BF%E7%E8%EB%BB%E8%B7");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_userId.enc", "ODk3ODA2ODYtY2E4My00YTI0LTgyNTAtNGE3OTI5YWJlNWIx");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_user_approval_interacted", "%B7");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_user_approval_interacted.enc", "MQ==");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_welcomeDialogMode", "%B7");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.mam_gk_welcomeDialogMode.enc", "MQ==");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.migrateAppsAndComponents", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.mozilla.com%2Fen-US%2Ffirefox%2F23.0.1%2Ffirstrun%2F\",\"EB_MAIN_FRAME_TITLE\":\"Problem[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287803&octid=CT3287803&SearchSource=61&CUI=UN76374116936281268&UM=2&UP=SPF61F7D10-7493-41EF-AE81-7EE2005794B1");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.originalSearchAddressUrl", "");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.originalSearchEngine", "Google");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.originalSearchEngineName", "Google");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.price-gong.isManagedApp", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.search.searchAppId", "10000002");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.search.searchCount", "1");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.searchFromAddressBarEnabledByUser", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.searchInNewTabEnabledByUser", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.searchInNewTabEnabledInHidden", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.searchSuggestEnabledByUser", "TRUE");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.searchUserMode", "2");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287375\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Vafmusic.OurToolbar.com//xpi\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vafmusic\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_Configuration_lastUpdate", "1376935562007");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1376935562523");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_appTracking_lastUpdate", "1376109046318");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_appsMetadata_lastUpdate", "1376935562537");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1376019359100");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_login_10.16.70.505_lastUpdate", "1376935562605");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1376019359033");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_searchAPI_lastUpdate", "1376935561940");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_serviceMap_lastUpdate", "1376935561815");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_toolbarContextMenu_lastUpdate", "1376019358961");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_toolbarSettings_lastUpdate", "1376935562582");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.serviceLayer_services_translation_lastUpdate", "1376935562554");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.settingsINI", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.showToolbarPermission", "false");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.smartbar.CTID", "CT3287375");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.smartbar.Uninstall", "0");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.smartbar.homepage", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.smartbar.toolbarName", "Vafmusic ");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.toolbarBornServerTime", "9-8-2013");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.toolbarCurrentServerTime", "19-8-2013");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.toolbarLoginClientTime", "Thu Aug 08 2013 20:21:20 GMT-0500 (Central Standard Time)");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375.url_history0001.enc", "aHR0cDovL2FxdWFmbGVldHNvbHV0aW9ucy5jb20vY2hlbWljYWxzLzo6OmNsaWNraGFuZGxlcjo6OjEzNzY0NDAyNTkwMTYsLCxodHRwOi8vYXF1YWZsZWV0c29sdXRpb25zLmNvbS9nYWxsZXJ5Lzo6OmNs[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3287375_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1419438934829,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.FirstTime", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.FirstTimeFF3", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.UserID", "UN11177249981562042");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.addressBarTakeOverEnabledInHidden", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.countryCode", "US");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.embeddedsData", "[{\"appId\":\"130110228079688309\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.fixPageNotFoundErrorByUser", "TRUE");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.fixPageNotFoundErrorInHidden", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.fixUrls", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.fullUserID", "UN11177249981562042.UP.20130710000135");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.isCheckedStartAsHidden", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.isFirstTimeToolbarLoading", "false");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.lastVersion", "10.16.70.505");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.mam_gk_installer_preapproved.enc", "VFJVRQ==");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.migrateAppsAndComponents", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.mozilla.com%2Fen-US%2Ffirefox%2F23.0.1%2Ffirstrun%2F\",\"EB_MAIN_FRAME_TITLE\":\"Problem[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.search.searchAppId", "130110228079688309");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.search.searchCount", "0");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.searchInNewTabEnabledByUser", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.searchInNewTabEnabledInHidden", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.searchSuggestEnabledByUser", "TRUE");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.searchUserMode", "2");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298567\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV31.OurToolbar.com//xpi\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V31\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.settingsINI", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.showToolbarPermission", "false");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.smartbar.CTID", "CT3298567");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.smartbar.Uninstall", "0");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.smartbar.toolbarName", "MixiDJ V31 ");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.toolbarBornServerTime", "19-8-2013");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.toolbarCurrentServerTime", "19-8-2013");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567.toolbarLoginClientTime", "Wed Dec 24 2014 10:35:50 GMT-0600 (Central Standard Time)");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3298567_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1419438947163,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.FirstTime", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.FirstTimeFF3", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304782&SearchSource=2&CUI=UN42671751642356122&UM=2&q=");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.UserID", "UN42671751642356122");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.addressBarTakeOverEnabledInHidden", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.browser.search.defaultthis.engineName", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.countryCode", "US");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.defaultSearch", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.embeddedsData", "[{\"appId\":\"130149055053904800\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.enableAlerts", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.enableSearchFromAddressBar", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.firstTimeDialogOpened", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.fixPageNotFoundError", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.fixPageNotFoundErrorByUser", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.fixPageNotFoundErrorInHidden", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.fixUrls", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.fullUserID", "UN42671751642356122.IN.20130724093735");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.installId", "conduitinstaller.exe");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.installType", "conduitnsisintegration");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.isCheckedStartAsHidden", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.isFirstTimeToolbarLoading", "false");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.keyword", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3304782&octid=CT3304782&SearchSource=15&CUI=UN42671751642356122&SSPV=&Lay=1&UM=2\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.lastVersion", "10.16.7.25");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.migrateAppsAndComponents", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.mozilla.com%2Fen-US%2Ffirefox%2F23.0.1%2Ffirstrun%2F\",\"EB_MAIN_FRAME_TITLE\":\"Problem[...]
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.openThankYouPage", "false");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.openUninstallPage", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.originalHomepage", "chrome://branding/locale/browserconfig.properties");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.originalSearchAddressUrl", false);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.originalSearchEngine", "Google");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.originalSearchEngineName", "Google");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.revertSettingsEnabled", "false");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.search.searchAppId", "130149055053904800");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.search.searchCount", "0");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.searchFromAddressBarEnabledByUser", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.searchInNewTabEnabledByUser", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.searchInNewTabEnabledInHidden", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.searchSuggestEnabledByUser", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.searchUserMode", "2");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3304782\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBarSocialT1.OurToolbar.com//xpi\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.8\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.settingsINI", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.shouldFirstTimeDialog", "false");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.showToolbarPermission", "false");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.smartbar.CTID", "CT3304782");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.smartbar.Uninstall", "0");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.smartbar.homepage", true);
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.smartbar.toolbarName", "KeyBar 1.8 ");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.startPage", "true");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.toolbarBornServerTime", "19-8-2013");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.toolbarCurrentServerTime", "19-8-2013");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782.toolbarLoginClientTime", "Wed Dec 24 2014 10:35:49 GMT-0600 (Central Standard Time)");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("CT3304782_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1419438936827,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3304782&CUI=UN42671751642356122&UM=2&SearchSource=13");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.8 Customized Web Search");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304782&SearchSource=2&CUI=UN42671751642356122&UM=2&q=");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3304782");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "KeyBar 1.8 Customized Web Search");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3304782&CUI=UN42671751642356122&UM=2&SearchSource=13");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304782&SearchSource=2&CUI=UN42671751642356122&UM=2&q=");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3304782");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3304782&CUI=UN42671751642356122&UM=2&SearchSource=13");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304782&SearchSource=2&CUI=UN42671751642356122&UM=2&q=");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3304782");
[5m7yx7bq.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3304782");
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [37832 octets] - [29/12/2014 05:05:02]
AdwCleaner[S0].txt - [40320 octets] - [29/12/2014 05:07:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [40381 octets] ##########


#7 bhenson

Posted 29 December 2014 - 06:22 PM

FRST NOTEPAD

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Vauled Customer (administrator) on XSTREAMDELLLAPT on 29-12-2014 05:18:20
Running from C:\Users\Vauled Customer\Desktop
Loaded Profile: Vauled Customer (Available profiles: Vauled Customer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\WINDOWS\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Extension Manager] => C:\Program Files (x86)\Extension Manager\SystemBrowser.exe
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-03] (Google Inc.)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\RunOnce: [Uninstall C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\RunOnce: [Uninstall C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Cartwheel Shopping -> {B50DF051-E1D4-439C-B94E-F4DE82B56542} -> C:\Users\Vauled Customer\AppData\Roaming\Cartwheel\Cartwheel.dll (Cartwheel, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Zoomify - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\sdd@zmfpro.com [2014-12-22]
FF Extension: Vafmusic  - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-07-24]
FF Extension: MixiDJ V31  - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\{988919ff-0cd8-4d0c-bc7e-60d55a49eb64} [2013-07-24]
FF Extension: KeyBar 1.8  - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79} [2013-07-24]
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com [2013-08-19]
FF Extension: No Name - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\extensions\plugin@selectionlinks.com [Not Found]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (YouTube) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2014-05-04]
CHR Extension: (Free Invoice Maker) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp [2012-12-03]
CHR Extension: (Google Wallet) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (VEGA Conflict) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnhjmhhejnacfimcjhjbcphfnndhfec [2014-05-04]
CHR Extension: (Gmail) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [hllhlhdmmmpbclddmhffaghecjaklneo] - C:\Users\Vauled Customer\AppData\Local\CRE\hllhlhdmmmpbclddmhffaghecjaklneo.crx [2013-08-07]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [lckhfkchegmijelhopmcncefmhlmfagm] - C:\Users\Vauled Customer\AppData\Local\CRE\lckhfkchegmijelhopmcncefmhlmfagm.crx [2013-07-17]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Vauled Customer\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [hllhlhdmmmpbclddmhffaghecjaklneo] - C:\Users\Vauled Customer\AppData\Local\CRE\hllhlhdmmmpbclddmhffaghecjaklneo.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [lckhfkchegmijelhopmcncefmhlmfagm] - C:\Users\Vauled Customer\AppData\Local\CRE\lckhfkchegmijelhopmcncefmhlmfagm.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Vauled Customer\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 cozaghost; "C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe" /ts2=1 [X]
S2 cozwdhost; "C:\ProgramData\zoomify_29\1.1.0.29\cozwdhost.exe" -scm [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
S2 XlJLnAeCdY; "C:\ProgramData\FwpxMIXWFN\XlJLnAeCdY.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-29 05:07 - 2014-12-29 05:07 - 00004048 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-12-29 05:07 - 2014-12-29 05:07 - 00001931 _____ () C:\Users\Vauled Customer\Desktop\Sync Folder.lnk
2014-12-29 05:07 - 2014-12-29 05:07 - 00001031 _____ () C:\Users\Vauled Customer\Desktop\MyPC Backup.lnk
2014-12-29 05:07 - 2014-12-29 05:07 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-12-29 05:06 - 2014-12-29 05:07 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-12-29 05:05 - 2014-12-29 05:06 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Cartwheel
2014-12-29 05:04 - 2014-12-29 05:12 - 00000000 ____D () C:\ProgramData\FwpxMIXWFN
2014-12-29 05:04 - 2014-12-29 05:08 - 00000000 ____D () C:\AdwCleaner
2014-12-29 05:04 - 2014-12-29 05:04 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\WebGuard
2014-12-29 05:03 - 2014-12-29 05:04 - 00000000 ____D () C:\ProgramData\WebGuard
2014-12-29 05:03 - 2014-12-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall AdwCleaner and Options
2014-12-29 05:03 - 2014-12-29 05:03 - 00000000 ____D () C:\Program Files (x86)\AdwCleaner and Options
2014-12-29 05:01 - 2014-12-29 05:02 - 00802976 _____ (Download Publisher) C:\Users\Vauled Customer\Desktop\AdwCleaner Setup.exe
2014-12-29 04:53 - 2014-12-29 04:53 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-29 04:53 - 2014-12-29 04:53 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\VS Revo Group
2014-12-29 04:53 - 2014-12-29 04:53 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-29 04:53 - 2014-12-29 04:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-29 04:53 - 2014-12-29 04:53 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-29 04:53 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-12-29 04:46 - 2014-12-29 04:47 - 10801480 _____ (VS Revo Group ) C:\Users\Vauled Customer\Desktop\RevoUninProSetup.exe
2014-12-27 12:03 - 2014-12-29 05:18 - 00000000 ____D () C:\Users\Vauled Customer\Desktop\FRST-OlderVersion
2014-12-25 17:31 - 2014-12-25 17:31 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 10:19 - 2014-12-27 12:05 - 00031557 _____ () C:\Users\Vauled Customer\Desktop\Addition.txt
2014-12-25 10:18 - 2014-12-29 05:19 - 00024080 _____ () C:\Users\Vauled Customer\Desktop\FRST.txt
2014-12-25 10:17 - 2014-12-29 05:18 - 02123264 _____ (Farbar) C:\Users\Vauled Customer\Desktop\FRST64.exe
2014-12-25 10:17 - 2014-12-29 05:18 - 00000000 ____D () C:\FRST
2014-12-24 10:20 - 2014-12-29 05:10 - 00000672 _____ () C:\Windows\setupact.log
2014-12-24 10:20 - 2014-12-24 10:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-24 09:59 - 2014-12-29 05:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 09:58 - 2014-12-24 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 09:58 - 2014-12-24 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 09:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-24 09:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-23 15:13 - 2014-12-23 15:13 - 00000423 _____ () C:\Users\Vauled Customer\Desktop\Continue JFileManager installation.lnk
2014-12-23 12:58 - 2014-12-23 12:58 - 01946777 _____ () C:\Windows\shost.bin
2014-12-22 12:28 - 2014-12-22 12:29 - 00001744 _____ () C:\ProgramData\tempimage.bmp
2014-12-22 12:19 - 2014-12-22 12:20 - 01319212 _____ ( ) C:\Users\Vauled Customer\Desktop\Flash.exe
2014-12-22 12:19 - 2014-12-22 12:19 - 00000088 _____ () C:\Users\Vauled Customer\AppData\Local\c326b775a59d1c72d7c3299b9dcf4470
2014-12-22 12:18 - 2014-12-22 12:19 - 00000000 ____D () C:\Users\Vauled Customer\Documents\ProPCCleaner
2014-12-22 12:18 - 2014-12-22 12:18 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\Pro_PC_Cleaner
2014-12-22 12:16 - 2014-12-22 12:16 - 00003542 _____ () C:\Windows\System32\Tasks\BBQLeads
2014-12-22 00:31 - 2014-12-29 05:09 - 00000000 ____D () C:\ProgramData\zoomify_29
2014-12-22 00:16 - 2014-12-22 00:16 - 05624386 _____ () C:\Users\Vauled Customer\Desktop\2009-04-21_Hampton_Forest_Apartment_Homes_playground.jpeg
2014-12-21 02:06 - 2014-12-21 00:55 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-21 02:06 - 2013-01-12 03:30 - 00859552 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-12-21 02:06 - 2013-01-12 03:30 - 00780192 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-12-21 00:55 - 2014-12-21 00:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-21 00:55 - 2014-12-21 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-21 00:53 - 2014-12-21 00:53 - 00638888 _____ (Oracle Corporation) C:\Users\Vauled Customer\Desktop\chromeinstall-8u25.exe
2014-12-17 14:10 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:10 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 03:46 - 2014-12-12 03:46 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 03:02 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 03:02 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 00:34 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 00:34 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 00:34 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 00:34 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 00:34 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 00:34 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 00:34 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 00:34 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-12 00:34 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-12 00:34 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 00:34 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 00:34 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 00:34 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-12 00:34 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 00:34 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-12 00:34 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 00:34 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 00:34 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 00:34 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 00:34 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 00:34 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 00:34 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 00:34 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 00:34 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-12 00:34 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-12 00:34 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 00:34 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-12 00:34 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 00:34 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 00:34 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-12 00:34 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 00:34 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-12 00:34 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 00:34 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 00:34 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-12 00:34 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 00:34 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 00:34 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 00:34 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 00:34 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-12 00:34 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 00:34 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 00:34 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 00:34 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 00:34 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 00:34 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 00:34 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-12 00:34 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 00:34 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 00:34 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-12 00:34 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 00:34 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 00:34 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-12 00:33 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-12 00:32 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-12 00:32 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-12 00:31 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 00:31 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 00:31 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 00:31 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 00:31 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 00:31 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 00:31 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 00:31 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 00:31 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-12 00:29 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 00:29 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-29 05:17 - 2013-06-12 21:22 - 01479073 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 05:15 - 2013-06-12 21:23 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 05:15 - 2013-06-12 21:23 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 05:13 - 2011-04-21 15:12 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-29 05:12 - 2012-11-28 10:24 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-29 05:12 - 2012-11-28 10:24 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-29 05:11 - 2013-07-15 19:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 05:10 - 2013-06-12 21:16 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 05:09 - 2014-11-07 23:45 - 00120960 _____ () C:\Windows\PFRO.log
2014-12-29 04:47 - 2013-06-09 16:49 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\CrashDumps
2014-12-27 12:07 - 2013-06-12 21:24 - 00006392 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-12-27 12:02 - 2013-07-15 19:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 12:02 - 2013-07-09 21:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-25 18:27 - 2014-11-03 15:07 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Google
2014-12-24 10:44 - 2013-06-12 21:16 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 10:19 - 2012-11-28 07:53 - 00000000 ____D () C:\Windows\SMINST
2014-12-24 10:12 - 2013-08-19 10:00 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Malwarebytes
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-24 09:54 - 2014-10-04 21:29 - 00000000 ____D () C:\found.001
2014-12-22 12:28 - 2012-12-03 09:51 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-12-22 12:17 - 2009-07-13 20:34 - 00000537 _____ () C:\Windows\win.ini
2014-12-21 00:55 - 2013-02-01 11:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-21 00:55 - 2013-02-01 11:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-21 00:55 - 2013-02-01 11:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-21 00:55 - 2012-11-28 10:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-17 14:07 - 2014-02-28 01:41 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-15 14:57 - 2014-04-10 21:43 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 08:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:55 - 2012-11-28 10:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 03:46 - 2014-05-16 02:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 03:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 03:18 - 2013-08-19 09:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:04 - 2012-12-03 10:21 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 00:33 - 2013-07-09 21:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 00:32 - 2013-07-09 21:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 00:32 - 2013-07-09 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-03 05:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 14:46 - 2013-01-10 19:30 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\CutePDF Writer
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 14:41
 
==================== End Of Log ============================

ADDITION NOTEPAD

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Vauled Customer at 2014-12-29 05:19:56
Running from C:\Users\Vauled Customer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AdwCleaner and Options (HKLM\...\AdwCleaner_and_Options) (Version: 1.0 - AdwCleaner)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cartwheel Shopping (HKLM-x32\...\{63E29D1A-D6B5-4295-BFAC-967606232411}_is1) (Version: 1.10.0.2222 - Cartwheel, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
Neat (HKLM-x32\...\Neat) (Version: 5.5.2.7 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.0.61 - The Neat Company)
Neat Core Files (x32 Version: 5.5.2.7 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WebGuard (HKLM-x32\...\WebGuard) (Version: 3.0.26 - Interesting Solutions)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
02-12-2014 13:38:45 Scheduled Checkpoint
03-12-2014 01:45:00 Windows Update
07-12-2014 19:13:52 Windows Update
11-12-2014 15:20:35 Windows Update
12-12-2014 03:00:33 Windows Update
15-12-2014 14:45:08 Windows Update
18-12-2014 03:00:35 Windows Update
22-12-2014 12:24:55 Windows Update
24-12-2014 10:22:47 Removed Java 8 Update 25
29-12-2014 04:54:51 Revo Uninstaller Pro's restore point - Zoomify
29-12-2014 04:57:05 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2013-06-30 22:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05273C59-7CEF-48A4-911A-0637F7621AE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0DCC0502-5249-4563-8A20-B6AA34FD59FA} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {3417651D-868E-48C3-9010-69DF37844C1E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {56E17327-9A62-49CD-805F-BBDD7B27259C} - System32\Tasks\{524048D3-7F42-4785-96A6-024CE60D12B6} => pcalua.exe -a E:\converter.exe -d E:\
Task: {74DB91B6-2881-4F52-9072-4B671548CD40} - System32\Tasks\Test TimeTrigger => C:\Users\VAULED~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {92535608-F934-461A-A1E2-6229CA3DE52D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {9F4DDC42-C916-40E1-89EC-35780A2BD68F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {CC587508-69EB-4316-A15E-7AA24D2822BE} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {E5FC05CD-76F8-43DC-BD02-B451665DAE75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {EEB79647-BAC5-419E-B585-F13A63B57298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {F6A6576D-65B9-4C2F-A85F-465129790D9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-03 09:51 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-12-04 19:17 - 2012-09-06 06:41 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2014-12-29 05:07 - 2014-11-25 13:37 - 00012800 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2009-10-15 02:10 - 2009-10-15 02:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-04-21 15:12 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-10-15 04:23 - 2014-10-15 04:23 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll
2011-04-21 14:31 - 2010-06-08 09:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConduitFloatingPlugin_hllhlhdmmmpbclddmhffaghecjaklneo => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3287803\plugins\TBVerifier.dll",RunConduitFloatingPlugin hllhlhdmmmpbclddmhffaghecjaklneo
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: OtShot => C:\Program Files (x86)\OtShot\otshot.exe -minimize
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-485000846-1325268589-2709162160-500 - Administrator - Disabled)
Guest (S-1-5-21-485000846-1325268589-2709162160-501 - Limited - Disabled)
Vauled Customer (S-1-5-21-485000846-1325268589-2709162160-1000 - Administrator - Enabled) => C:\Users\Vauled Customer
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/29/2014 05:15:42 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (12/29/2014 05:15:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (12/29/2014 04:54:49 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b21b29e1-3549-4fe1-ab91-7e5f69e5d30c}
 
Error: (12/29/2014 04:47:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7ec
 
Start Time: 01d023542652ba0c
 
Termination Time: 6
 
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: 10829a94-8f48-11e4-89ef-782bcbe65aec
 
Error: (12/29/2014 04:47:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WerFault.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2d9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x74d94d66
Faulting process id: 0x12f0
Faulting application start time: 0xWerFault.exe0
Faulting application path: WerFault.exe1
Faulting module path: WerFault.exe2
Report Id: WerFault.exe3
 
Error: (12/29/2014 04:47:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x74d94d66
Faulting process id: 0x15e0
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
 
Error: (12/29/2014 04:46:10 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (12/29/2014 04:45:38 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (12/27/2014 00:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x5492bce1
Faulting module name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x5492bce1
Exception code: 0xc0000005
Fault offset: 0x00017400
Faulting process id: 0xeb8
Faulting application start time: 0xcozaghost.exe0
Faulting application path: cozaghost.exe1
Faulting module path: cozaghost.exe2
Report Id: cozaghost.exe3
 
Error: (12/27/2014 00:17:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x5492bce1
Faulting module name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x5492bce1
Exception code: 0xc0000005
Fault offset: 0x00017440
Faulting process id: 0x1218
Faulting application start time: 0xcozaghost.exe0
Faulting application path: cozaghost.exe1
Faulting module path: cozaghost.exe2
Report Id: cozaghost.exe3
 
 
System errors:
=============
Error: (12/29/2014 05:12:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XlJLnAeCdY service failed to start due to the following error: 
%%1053
 
Error: (12/29/2014 05:12:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the XlJLnAeCdY service to connect.
 
Error: (12/29/2014 05:12:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Pml Driver HPZ12 service terminated with the following error: 
%%126
 
Error: (12/29/2014 05:12:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Net Driver HPZ12 service terminated with the following error: 
%%126
 
Error: (12/29/2014 05:11:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (12/29/2014 05:11:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (12/29/2014 05:11:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwdhost service failed to start due to the following error: 
%%2
 
Error: (12/29/2014 05:11:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozaghost service failed to start due to the following error: 
%%2
 
Error: (12/29/2014 05:11:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (12/29/2014 05:11:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (12/29/2014 05:15:42 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (12/29/2014 05:15:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
Error: (12/29/2014 04:54:49 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b21b29e1-3549-4fe1-ab91-7e5f69e5d30c}
 
Error: (12/29/2014 04:47:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.7117ec01d023542652ba0c6C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe10829a94-8f48-11e4-89ef-782bcbe65aec
 
Error: (12/29/2014 04:47:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WerFault.exe6.1.7600.163854a5bc2d9unknown0.0.0.000000000c000041d74d94d6612f001d02354c5c5150fC:\Windows\SysWOW64\WerFault.exeunknown09334fbc-8f48-11e4-89ef-782bcbe65aec
 
Error: (12/29/2014 04:47:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c000041d74d94d6615e001d02354bb40d1f4C:\Windows\SysWOW64\DllHost.exeunknown058750f9-8f48-11e4-89ef-782bcbe65aec
 
Error: (12/29/2014 04:46:10 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (12/29/2014 04:45:38 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
Error: (12/27/2014 00:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozaghost.exe1.1.0.295492bce1cozaghost.exe1.1.0.295492bce1c000000500017400eb801d02201639c7ff1C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exeC:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exea6e46897-8df4-11e4-acbd-782bcbe65aec
 
Error: (12/27/2014 00:17:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozaghost.exe1.1.0.295492bce1cozaghost.exe1.1.0.295492bce1c000000500017440121801d021ff48fbf2c6C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exeC:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe983f2a37-8df4-11e4-acbd-782bcbe65aec
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-30 23:46:05.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 23:46:04.731
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 70%
Total physical RAM: 3034.36 MB
Available physical RAM: 891.19 MB
Total Pagefile: 6066.91 MB
Available Pagefile: 3839.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:225.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4FB734B4)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 deeprybka

Posted 31 December 2014 - 07:06 AM

Hi,
 

2014-12-29 05:03 - 2014-12-29 05:03 - 00000000 ____D () C:\Program Files (x86)\AdwCleaner and Options
2014-12-29 05:01 - 2014-12-29 05:02 - 00802976 _____ (Download Publisher) C:\Users\Vauled Customer\Desktop\AdwCleaner Setup.exe

From where have you downloaded the AdwCleaner?

# Running from : C:\Users\Vauled Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46L6NXBL\adwcleaner_4.106.exe

 

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

 

Please follow my instructions. :)

You are now reinfected with some adware...

2014-12-29 05:07 - 2014-12-29 05:07 - 00004048 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-12-29 05:07 - 2014-12-29 05:07 - 00001931 _____ () C:\Users\Vauled Customer\Desktop\Sync Folder.lnk
2014-12-29 05:07 - 2014-12-29 05:07 - 00001031 _____ () C:\Users\Vauled Customer\Desktop\MyPC Backup.lnk
2014-12-29 05:07 - 2014-12-29 05:07 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-12-29 05:06 - 2014-12-29 05:07 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-12-29 05:05 - 2014-12-29 05:06 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Cartwheel
2014-12-29 05:04 - 2014-12-29 05:12 - 00000000 ____D () C:\ProgramData\FwpxMIXWFN
2014-12-29 05:04 - 2014-12-29 05:08 - 00000000 ____D () C:\AdwCleaner
2014-12-29 05:04 - 2014-12-29 05:04 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\WebGuard
2014-12-29 05:03 - 2014-12-29 05:04 - 00000000 ____D () C:\ProgramData\WebGuard
2014-12-29 05:03 - 2014-12-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall AdwCleaner and Options
2014-12-29 05:03 - 2014-12-29 05:03 - 00000000 ____D () C:\Program Files (x86)\AdwCleaner and Options

Please uninstall:

AdwCleaner and Options (HKLM\...\AdwCleaner_and_Options) (Version: 1.0 - AdwCleaner)

and repeat the steps 2 and 3 as instructed above.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 bhenson

Posted 31 December 2014 - 01:07 PM

# AdwCleaner v4.106 - Report created 30/12/2014 at 23:55:29
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Vauled Customer - XSTREAMDELLLAPT
# Running from : C:\Users\Vauled Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTGE10NR\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Vauled Customer\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Vauled Customer\Desktop\Sync Folder.lnk
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B89CB2A9-2356-4931-9512-066D98247F36&apn_ptnrs=TV&apn_sauid=41626C14-5600-4E82-A59D-09AC7CCFB471&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B89CB2A9-2356-4931-9512-066D98247F36&apn_ptnrs=TV&apn_sauid=41626C14-5600-4E82-A59D-09AC7CCFB471&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN73950927824032164&ctid=CT3287803&UM=2
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN73950927824032164&ctid=CT3287803&UM=2
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={B796DF37-EA00-49F2-B446-A725DA9618C3}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={B796DF37-EA00-49F2-B446-A725DA9618C3}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=I6CF75065-AF65-4F3F-8158-19D1994D9672&SearchSource=58&CUI=&UM=8&UP=SPD4FF71AE-7F66-4553-9187-0F1AE1A611D2&q={searchTerms}&SSPV=
[C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=I6CF75065-AF65-4F3F-8158-19D1994D9672&SearchSource=58&CUI=&UM=8&UP=SPD4FF71AE-7F66-4553-9187-0F1AE1A611D2&q={searchTerms}&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [37832 octets] - [29/12/2014 05:05:02]
AdwCleaner[R1].txt - [4063 octets] - [30/12/2014 23:51:40]
AdwCleaner[S0].txt - [40490 octets] - [29/12/2014 05:07:52]
AdwCleaner[S1].txt - [4024 octets] - [30/12/2014 23:55:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4084 octets] ##########


#10 deeprybka

Posted 01 January 2015 - 05:48 AM

Happy New Year! :)

 

Please re-run FRST as well and post the logs. (FRST.txt and Addition.txt)

 

 

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

 

Thank you!


regards,
deeprybka

#11 bhenson

Posted 04 January 2015 - 04:32 AM

FRST LOG

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Vauled Customer (administrator) on XSTREAMDELLLAPT on 03-01-2015 15:27:24
Running from C:\Users\Vauled Customer\Desktop
Loaded Profile: Vauled Customer (Available profiles: Vauled Customer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\WINDOWS\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Extension Manager] => C:\Program Files (x86)\Extension Manager\SystemBrowser.exe
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-03] (Google Inc.)
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\RunOnce: [Uninstall C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\RunOnce: [Uninstall C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Vauled Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-485000846-1325268589-2709162160-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-485000846-1325268589-2709162160-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Zoomify - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\sdd@zmfpro.com [2014-12-22]
FF Extension: Vafmusic  - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-07-24]
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com [2013-08-19]
FF Extension: No Name - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\extensions\plugin@selectionlinks.com [Not Found]
FF Extension: No Name - C:\Users\Vauled Customer\AppData\Roaming\Mozilla\Firefox\Profiles\5m7yx7bq.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79} [Not Found]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (YouTube) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2014-05-04]
CHR Extension: (Free Invoice Maker) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp [2012-12-03]
CHR Extension: (Google Wallet) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (VEGA Conflict) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnhjmhhejnacfimcjhjbcphfnndhfec [2014-05-04]
CHR Extension: (Gmail) - C:\Users\Vauled Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [hllhlhdmmmpbclddmhffaghecjaklneo] - C:\Users\Vauled Customer\AppData\Local\CRE\hllhlhdmmmpbclddmhffaghecjaklneo.crx [2013-08-07]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [lckhfkchegmijelhopmcncefmhlmfagm] - C:\Users\Vauled Customer\AppData\Local\CRE\lckhfkchegmijelhopmcncefmhlmfagm.crx [2013-07-17]
CHR HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Vauled Customer\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [hllhlhdmmmpbclddmhffaghecjaklneo] - C:\Users\Vauled Customer\AppData\Local\CRE\hllhlhdmmmpbclddmhffaghecjaklneo.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [lckhfkchegmijelhopmcncefmhlmfagm] - C:\Users\Vauled Customer\AppData\Local\CRE\lckhfkchegmijelhopmcncefmhlmfagm.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Vauled Customer\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
S2 XlJLnAeCdY; "C:\ProgramData\FwpxMIXWFN\XlJLnAeCdY.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U0 dybsf; C:\Windows\System32\drivers\ionpi.sys [79064 2015-01-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 15:27 - 2015-01-03 15:28 - 00023350 _____ () C:\Users\Vauled Customer\Desktop\FRST.txt
2015-01-03 14:47 - 2015-01-03 14:47 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ionpi.sys
2014-12-30 03:00 - 2012-07-20 13:26 - 00233922 _____ () C:\Users\Vauled Customer\Desktop\Backup_of_Xstream Letterhead.cdr
2014-12-29 05:04 - 2014-12-30 23:55 - 00000000 ____D () C:\AdwCleaner
2014-12-29 05:04 - 2014-12-29 05:12 - 00000000 ____D () C:\ProgramData\FwpxMIXWFN
2014-12-29 05:04 - 2014-12-29 05:04 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\WebGuard
2014-12-29 05:03 - 2014-12-29 14:04 - 00000000 ____D () C:\ProgramData\WebGuard
2014-12-29 05:03 - 2014-12-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall AdwCleaner and Options
2014-12-29 05:03 - 2014-12-29 05:03 - 00000000 ____D () C:\Program Files (x86)\AdwCleaner and Options
2014-12-29 05:01 - 2014-12-29 05:02 - 00802976 _____ (Download Publisher) C:\Users\Vauled Customer\Desktop\AdwCleaner Setup.exe
2014-12-29 04:53 - 2014-12-29 04:53 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-29 04:53 - 2014-12-29 04:53 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\VS Revo Group
2014-12-29 04:53 - 2014-12-29 04:53 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-29 04:53 - 2014-12-29 04:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-29 04:53 - 2014-12-29 04:53 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-29 04:53 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-12-29 04:46 - 2014-12-29 04:47 - 10801480 _____ (VS Revo Group ) C:\Users\Vauled Customer\Desktop\RevoUninProSetup.exe
2014-12-27 12:03 - 2015-01-03 15:27 - 00000000 ____D () C:\Users\Vauled Customer\Desktop\FRST-OlderVersion
2014-12-25 17:31 - 2014-12-25 17:31 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 10:17 - 2015-01-03 15:27 - 02123776 _____ (Farbar) C:\Users\Vauled Customer\Desktop\FRST64.exe
2014-12-25 10:17 - 2015-01-03 15:27 - 00000000 ____D () C:\FRST
2014-12-24 10:20 - 2014-12-31 17:34 - 00001456 _____ () C:\Windows\setupact.log
2014-12-24 10:20 - 2014-12-24 10:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-24 09:59 - 2015-01-03 15:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 09:58 - 2014-12-24 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 09:58 - 2014-12-24 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 09:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-24 09:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-23 12:58 - 2014-12-23 12:58 - 01946777 _____ () C:\Windows\shost.bin
2014-12-22 12:28 - 2014-12-22 12:29 - 00001744 _____ () C:\ProgramData\tempimage.bmp
2014-12-22 12:19 - 2014-12-22 12:20 - 01319212 _____ ( ) C:\Users\Vauled Customer\Desktop\Flash.exe
2014-12-22 12:19 - 2014-12-22 12:19 - 00000088 _____ () C:\Users\Vauled Customer\AppData\Local\c326b775a59d1c72d7c3299b9dcf4470
2014-12-22 12:18 - 2014-12-22 12:19 - 00000000 ____D () C:\Users\Vauled Customer\Documents\ProPCCleaner
2014-12-22 12:18 - 2014-12-22 12:18 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\Pro_PC_Cleaner
2014-12-22 12:16 - 2014-12-22 12:16 - 00003542 _____ () C:\Windows\System32\Tasks\BBQLeads
2014-12-22 00:16 - 2014-12-22 00:16 - 05624386 _____ () C:\Users\Vauled Customer\Desktop\2009-04-21_Hampton_Forest_Apartment_Homes_playground.jpeg
2014-12-21 02:06 - 2014-12-21 00:55 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-21 02:06 - 2013-01-12 03:30 - 00859552 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-12-21 02:06 - 2013-01-12 03:30 - 00780192 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-12-21 00:55 - 2014-12-21 00:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-21 00:55 - 2014-12-21 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-21 00:53 - 2014-12-21 00:53 - 00638888 _____ (Oracle Corporation) C:\Users\Vauled Customer\Desktop\chromeinstall-8u25.exe
2014-12-17 14:10 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:10 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 03:46 - 2014-12-12 03:46 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 03:02 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 03:02 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 00:34 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 00:34 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 00:34 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 00:34 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 00:34 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 00:34 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 00:34 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 00:34 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-12 00:34 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-12 00:34 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 00:34 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 00:34 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 00:34 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-12 00:34 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 00:34 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-12 00:34 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 00:34 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 00:34 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 00:34 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 00:34 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 00:34 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 00:34 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 00:34 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 00:34 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-12 00:34 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-12 00:34 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 00:34 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-12 00:34 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 00:34 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 00:34 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-12 00:34 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 00:34 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-12 00:34 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 00:34 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 00:34 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-12 00:34 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 00:34 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 00:34 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 00:34 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 00:34 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-12 00:34 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 00:34 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 00:34 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 00:34 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 00:34 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 00:34 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 00:34 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-12 00:34 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 00:34 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 00:34 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-12 00:34 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 00:34 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 00:34 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-12 00:33 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-12 00:32 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-12 00:32 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-12 00:32 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-12 00:31 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 00:31 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 00:31 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 00:31 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 00:31 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 00:31 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 00:31 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 00:31 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 00:31 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 00:31 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 00:31 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-12 00:29 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 00:29 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 15:10 - 2013-06-12 21:23 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-03 15:10 - 2013-06-12 21:23 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 15:00 - 2013-06-12 21:22 - 01643168 _____ () C:\Windows\WindowsUpdate.log
2015-01-03 14:48 - 2013-06-12 21:24 - 00006392 _____ () C:\Windows\system32\PerfStringBackup.TMP
2015-01-03 14:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Branding
2015-01-03 14:45 - 2013-07-15 19:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 14:44 - 2013-07-09 21:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 10:34 - 2013-07-15 19:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 00:00 - 2012-11-28 10:24 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-31 00:00 - 2012-11-28 10:24 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-31 00:00 - 2011-04-21 15:12 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-30 23:58 - 2013-06-12 21:16 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 23:57 - 2014-11-07 23:45 - 00121278 _____ () C:\Windows\PFRO.log
2014-12-30 03:12 - 2012-12-04 17:36 - 00000000 ____D () C:\Users\Vauled Customer\Documents\Neat Data
2014-12-30 03:07 - 2014-02-28 01:41 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-29 04:47 - 2013-06-09 16:49 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Local\CrashDumps
2014-12-25 18:27 - 2014-11-03 15:07 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Google
2014-12-24 10:44 - 2013-06-12 21:16 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 10:19 - 2012-11-28 07:53 - 00000000 ____D () C:\Windows\SMINST
2014-12-24 10:12 - 2013-08-19 10:00 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\Users\Vauled Customer\AppData\Roaming\Malwarebytes
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-24 09:58 - 2013-08-19 10:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-24 09:54 - 2014-10-04 21:29 - 00000000 ____D () C:\found.001
2014-12-22 12:28 - 2012-12-03 09:51 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-12-22 12:17 - 2009-07-13 20:34 - 00000537 _____ () C:\Windows\win.ini
2014-12-21 00:55 - 2013-02-01 11:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-21 00:55 - 2013-02-01 11:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-21 00:55 - 2013-02-01 11:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-21 00:55 - 2012-11-28 10:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-15 14:57 - 2014-04-10 21:43 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 08:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:55 - 2012-11-28 10:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 03:46 - 2014-05-16 02:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 03:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 03:18 - 2013-08-19 09:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:04 - 2012-12-03 10:21 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 00:33 - 2013-07-09 21:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 00:32 - 2013-07-09 21:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 00:32 - 2013-07-09 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-29 14:00
 
==================== End Of Log ============================

ADDITIONAL LOG

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Vauled Customer at 2015-01-03 15:29:40
Running from C:\Users\Vauled Customer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AdwCleaner and Options (HKLM\...\AdwCleaner_and_Options) (Version: 1.0 - AdwCleaner)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-485000846-1325268589-2709162160-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
Neat (HKLM-x32\...\Neat) (Version: 5.5.2.7 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.0.61 - The Neat Company)
Neat Core Files (x32 Version: 5.5.2.7 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WebGuard (HKLM-x32\...\WebGuard) (Version: 3.0.26 - Interesting Solutions)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485000846-1325268589-2709162160-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Vauled Customer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
02-12-2014 13:38:45 Scheduled Checkpoint
03-12-2014 01:45:00 Windows Update
07-12-2014 19:13:52 Windows Update
11-12-2014 15:20:35 Windows Update
12-12-2014 03:00:33 Windows Update
15-12-2014 14:45:08 Windows Update
18-12-2014 03:00:35 Windows Update
22-12-2014 12:24:55 Windows Update
24-12-2014 10:22:47 Removed Java 8 Update 25
29-12-2014 04:54:51 Revo Uninstaller Pro's restore point - Zoomify
29-12-2014 04:57:05 Windows Update
03-01-2015 14:57:42 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2013-06-30 22:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05273C59-7CEF-48A4-911A-0637F7621AE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0DCC0502-5249-4563-8A20-B6AA34FD59FA} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {3417651D-868E-48C3-9010-69DF37844C1E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {56E17327-9A62-49CD-805F-BBDD7B27259C} - System32\Tasks\{524048D3-7F42-4785-96A6-024CE60D12B6} => pcalua.exe -a E:\converter.exe -d E:\
Task: {74DB91B6-2881-4F52-9072-4B671548CD40} - System32\Tasks\Test TimeTrigger => C:\Users\VAULED~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {92535608-F934-461A-A1E2-6229CA3DE52D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {9F4DDC42-C916-40E1-89EC-35780A2BD68F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {E5FC05CD-76F8-43DC-BD02-B451665DAE75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {EEB79647-BAC5-419E-B585-F13A63B57298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {F6A6576D-65B9-4C2F-A85F-465129790D9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-03 09:51 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-12-04 19:17 - 2012-09-06 06:41 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2009-10-15 02:10 - 2009-10-15 02:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-04-21 15:12 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-10-15 04:23 - 2014-10-15 04:23 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll
2011-04-21 14:31 - 2010-06-08 09:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-15 14:56 - 2014-12-05 19:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConduitFloatingPlugin_hllhlhdmmmpbclddmhffaghecjaklneo => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3287803\plugins\TBVerifier.dll",RunConduitFloatingPlugin hllhlhdmmmpbclddmhffaghecjaklneo
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: OtShot => C:\Program Files (x86)\OtShot\otshot.exe -minimize
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-485000846-1325268589-2709162160-500 - Administrator - Disabled)
Guest (S-1-5-21-485000846-1325268589-2709162160-501 - Limited - Disabled)
Vauled Customer (S-1-5-21-485000846-1325268589-2709162160-1000 - Administrator - Enabled) => C:\Users\Vauled Customer
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/03/2015 02:58:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service cozwdhost since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/03/2015 02:58:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service cozaghost since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/03/2015 02:48:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (01/03/2015 02:48:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/31/2014 09:25:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/31/2014 09:25:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/31/2014 07:33:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/31/2014 07:33:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (12/31/2014 00:02:39 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (12/31/2014 00:02:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
 
System errors:
=============
Error: (12/31/2014 00:00:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XlJLnAeCdY service failed to start due to the following error: 
%%2
 
Error: (12/30/2014 11:59:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Pml Driver HPZ12 service terminated with the following error: 
%%126
 
Error: (12/30/2014 11:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Net Driver HPZ12 service terminated with the following error: 
%%126
 
Error: (12/30/2014 11:59:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (12/30/2014 11:59:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (12/30/2014 11:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwdhost service failed to start due to the following error: 
%%2
 
Error: (12/30/2014 11:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozaghost service failed to start due to the following error: 
%%2
 
Error: (12/30/2014 11:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/30/2014 11:55:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/30/2014 11:55:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/03/2015 02:58:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service cozwdhost since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (01/03/2015 02:58:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service cozaghost since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (01/03/2015 02:48:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000
 
Error: (01/03/2015 02:48:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000
 
Error: (12/31/2014 09:25:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000
 
Error: (12/31/2014 09:25:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000
 
Error: (12/31/2014 07:33:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000
 
Error: (12/31/2014 07:33:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000
 
Error: (12/31/2014 00:02:39 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (12/31/2014 00:02:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-30 23:46:05.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-30 23:46:04.731
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 61%
Total physical RAM: 3034.36 MB
Available physical RAM: 1171.55 MB
Total Pagefile: 6066.91 MB
Available Pagefile: 3845.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:223.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4FB734B4)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
 
==================== End Of Log


#12 deeprybka

  • Malware Response Team
Posted 05 January 2015 - 01:02 PM

Hi,
please run the following fix:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Attached file: fixlist.txt (4.17KB)
 

After the Reboot:

Step 2


Don't remove on your own anything that HitmanPro detects!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



Step 3

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[Image: settings.png]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 4

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.


Can you please tell me which problems still persist now?
How is the computer running?


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 Machiavelli

  • Malware Response Instructor

Posted 09 January 2015 - 08:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
