
Toolbar Hijacks & other malware


  • This topic is locked
25 replies to this topic

#1 sChi00

Posted 30 December 2014 - 01:37 PM

Hi,

INFO: Desktop running Windows 7 Home Premium x64 (SvcPack 1).

Issues began with the Search/Conduit malware hijacking my browser settings. I ran Malwarebytes Antimalware, AdwCleaner & JRT to clean my system then removed the unwanted search engines & reset as default Bing & Google, respectively.

Both internet browsers are behaving normally (i.e., no redirects, etc.) but after running SpyHunter once more, it found the following (sorry, I have to post as .jpegs since I didn't pay for the app., just used their scan function which doesn't allow copy/paste).

Please advise on what & how to remove this malware which persists even after running above.

Thank you.

sChi00

 


#2 sChi00


Posted 03 January 2015 - 05:16 PM

Did I post my issue incorrectly?

 

Thank you,

sChi00



#3 HelpBot


Posted 04 January 2015 - 01:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561507 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 sChi00


Posted 06 January 2015 - 02:58 PM

Hi,

> Gateway Desktop

> Windows 7 Home Premium x64

> System Recovery Partition on HD; No recovery discs

 

-------------------------------------------------------------------------

Copy/Paste from DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17183  BrowserJavaVersion: 10.71.2
Run by Mike Hobby at 14:44:44 on 2015-01-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6007.3510 [GMT -5:00]
.
AV: AVG Internet Security 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Mike Hobby\AppData\Roaming\Avg_Update_0514d\AVG-Secure-Search-Update_0514d.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [HLBackupScheduler] "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"                                                                                                                                                                                                               
uRun: [AVG-Secure-Search-Update_0514d] C:\Users\Mike Hobby\AppData\Roaming\Avg_Update_0514d\AVG-Secure-Search-Update_0514d.exe /PROMPT /mid=0d6bb12cbf89effa2dac12e43856ffdb-efb35f2f367b89eca03b70873383d2ea76ecbff2 /CMPID=0514d
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [Uninstall C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe -update activex
uRunOnce: [DELTR80079057] cmd.exe /c rd /s /q  "C:\Users\Mike Hobby\AppData\Roaming\WSE_Vosteran"
uRunOnce: [Adobe Speed Launcher] 1420470055
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"                                                                                                                                                                                                          
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe                                                                                                                                                                                                                 
mRun: [NsPrtMon] C:\Program Files\NewSoft\Presto! PrintCentral\NsPrtMon.exe                                                                                                                                                                                                               
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe                                                                                                                                                                                            
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRunOnce: [DELTR80079119] cmd.exe /c rd /s /q  "C:\Users\Mike Hobby\AppData\Roaming\WSE_Vosteran"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\MIKEHO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7CE48CC1-6B33-4761-82B0-A811EB83F53A} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bingdesktop.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: bonus.screenshotreader.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: express.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: gnotify.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: iastorui.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bingdesktop.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: bonus.screenshotreader.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: express.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: gnotify.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: iastorui.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-16 55280]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-3-10 534104]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-10-29 263960]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-15 46368]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-4-25 93272]
R1 RapportCerberus_80083;RapportCerberus_80083;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [2014-12-11 761720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-12-15 445912]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-12-15 557656]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [2014-11-9 1486664]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2014-11-28 858640]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-11-9 298080]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-7-30 204552]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-12-15 1919256]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2014-12-27 1025920]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesService64.exe [2014-11-24 2604856]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-16 240160]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2009-6-30 288256]
R3 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-16 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-15 317440]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-1-3 271064]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesDriver64.sys [2014-8-28 14112]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-11-9 3488784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 kss;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2014-12-13 675096]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-28 969016]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-9-30 35840]
S3 e1kexpress;Intel® Network Connections Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-9-30 497424]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-12-27 22704]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-10-9 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-9-15 32512]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-12-28 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-28 63704]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2013-3-26 32768]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PrintNotify;Printer Extensions and Notifications;C:\Windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-8 19456]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-2 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-16 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-24 1255736]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-2 13336]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-28 1871160]
S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-5-16 65657]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-22 2314240]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="C:\Program Files (x86)\Microsoft Digital Image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2015-01-05 14:48:57 -------- d-----w- C:\Users\Mike Hobby\AppData\Roaming\WSE_Vosteran
2014-12-30 20:58:53 -------- d-----w- C:\Program Files\paint.net
2014-12-30 20:58:09 -------- d-----w- C:\Users\Mike Hobby\AppData\Local\paint.net
2014-12-29 14:31:00 -------- d-----w- C:\Program Files\Microsoft Games
2014-12-29 02:58:31 -------- d-----w- C:\Program Files\MyDefrag v4.3.1
2014-12-28 23:56:59 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-28 23:56:50 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-28 23:56:50 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-28 23:56:50 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-28 23:56:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 18:45:40 -------- d-----w- C:\Windows\pss
2014-12-28 16:29:59 -------- d-----w- C:\Program Files\CCleaner
2014-12-28 15:00:07 -------- d-----w- C:\Users\Mike Hobby\AppData\Local\IsolatedStorage
2014-12-28 04:58:06 -------- d-----w- C:\Users\Mike Hobby\AppData\Roaming\Enigma Software Group
2014-12-28 04:57:55 -------- d-----w- C:\sh4ldr
2014-12-28 04:57:18 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-12-28 04:32:43 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2014-12-28 03:57:34 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-12-27 21:53:19 -------- d-----w- C:\Users\Mike Hobby\AppData\Local\Jeff_Key
2014-12-27 21:12:25 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-27 21:04:30 -------- d-----w- C:\ProgramData\Oracle
2014-12-27 19:41:06 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-12-11 08:39:15 -------- d-----w- C:\Windows\System32\appraiser
2014-12-11 08:04:53 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-11 08:04:53 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 10:20:11 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-10 10:20:11 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-10 10:20:11 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-10 10:20:11 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-10 10:20:10 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-10 10:20:09 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-10 10:20:09 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-10 10:20:09 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-10 10:19:38 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-10 10:19:37 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-10 10:19:35 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
.
==================== Find3M  ====================
.
2014-12-16 04:03:30 534104 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-12-10 18:19:22 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 18:19:22 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-24 11:48:40 40248 ----a-w- C:\Windows\System32\TURegOpt.exe
2014-11-24 11:48:24 42808 ----a-w- C:\Windows\System32\uxtuneup.dll
2014-11-24 11:48:24 35640 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2014-11-24 11:48:24 29496 ----a-w- C:\Windows\System32\authuitu.dll
2014-11-24 11:48:24 25400 ----a-w- C:\Windows\SysWow64\authuitu.dll
2014-11-19 09:26:34 1614504 ----a-w- C:\Windows\System32\FM20.DLL
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:35:16 263960 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 19:14:32 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2013-07-18 14:51:47 4188160 ----a-w- C:\Program Files (x86)\GUT7954.tmp
2010-11-04 17:23:15 468 ----a-w- C:\Program Files (x86)\1104201013231490.bat
.
============= FINISH: 14:45:52.23 ===============
 
Thank you,
sChi00


#5 sChi00

Posted 06 January 2015 - 03:11 PM

As mentioned in the original post, I previously ran Malwarebytes Anti-Malware, AdwCleaner[R5], and JRT (respectively) to remove the Search/Conduit & Vosteran malware. I then rescanned using SpyHunter, which detected the stuff shown in the jpegs in the beginning post.

I've attached the log files created from the 3 cleaners mentioned above as .zips.

Thank you again,
sChi00

#6 schrauber


Posted 07 January 2015 - 06:03 AM

Hello, sChi00
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Reply button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

  • Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
  • Note 2: The first time the tool is run, it generates another log (Addition.txt, also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 sChi00

Posted 07 January 2015 - 03:36 PM

From FRST64/ FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Mike Hobby (administrator) on HOME-PC on 07-01-2015 15:30:59
Running from C:\Users\Mike Hobby\Desktop
Loaded Profile: Mike Hobby (Available profiles: Mike Hobby & User 2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesService64.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Mike Hobby\AppData\Roaming\Avg_Update_0514d\AVG-Secure-Search-Update_0514d.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesApp64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Dropbox, Inc.) C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-08-03] ()
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] => C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [NsPrtMon] => C:\Program Files\NewSoft\Presto! PrintCentral\NsPrtMon.exe [42832 2009-09-11] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1133584 2014-11-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM-x32\...\RunOnce: [DELTR80079119] => cmd.exe /c rd /s /q  "C:\Users\Mike Hobby\AppData\Roaming\WSE_Vosteran"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [19752256 2014-06-15] ()
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [AVG-Secure-Search-Update_0514d] => C:\Users\Mike Hobby\AppData\Roaming\Avg_Update_0514d\AVG-Secure-Search-Update_0514d.exe [2725912 2014-05-25] ()
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-13] (Siber Systems)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\RunOnce: [Uninstall C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe [540848 2014-12-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\RunOnce: [DELTR80079057] => cmd.exe /c rd /s /q  "C:\Users\Mike Hobby\AppData\Roaming\WSE_Vosteran"
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\RunOnce: [Adobe Speed Launcher] => 1420470055
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: H - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: {839d87c0-3dda-11e4-9b9a-90fba648e9f8} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: {bb024c83-5880-11e3-8b61-90fba648e9f8} - H:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: {be3b8e12-0bf3-11e2-bac2-90fba648e9f8} - E:\setup.exe -a
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: {fac72626-3248-11e3-8f24-90fba648e9f8} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
IFEO\bingdesktop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bonus.screenshotreader.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\express.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\gnotify.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\myheritage.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\nsprinter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\roxio burn.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sprint.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstallgmail.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\verizon.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Mike Hobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk /r \??\K:autocheck autochk /r \??\K:autocheck autochk /r \??\K:autocheck autochk /r \??\K:autocheck autochk /r \??\K:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\.DEFAULT -> {C652C5B8-6806-4D59-B296-1C3949AD0B73} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1062301492-1630074354-764462962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1062301492-1630074354-764462962-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AdBlock) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-28]
CHR Extension: (Motorola Connect) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (RoboForm) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-10-23]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-10-22]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-10-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [858640 2014-11-28] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
S4 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2899968 2014-08-15] (Microsoft Corporation) [File not signed]
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-15] (IBM Corp.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-12-27] (Enigma Software Group USA, LLC.)
S4 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2014-11-24] (AVG Technologies)
S4 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-11-24] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-11-24] (AVG Technologies)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 BTCFilterService; No ImagePath
R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-06-30] (Conexant Systems, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-27] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-15] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
S3 motccgp; No ImagePath
S3 motccgpfl; No ImagePath
S3 motmodem; No ImagePath
S3 MotoSwitchService; No ImagePath
S3 Motousbnet; No ImagePath
S3 motusbdevice; No ImagePath
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-11] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-12-15] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-12-15] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-12-15] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-23] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software)
S1 cvewbbln; \??\C:\Windows\system32\drivers\cvewbbln.sys [X]
S1 hskyirsq; \??\C:\Windows\system32\drivers\hskyirsq.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 15:30 - 2015-01-07 15:31 - 00028761 _____ () C:\Users\Mike Hobby\Desktop\FRST.txt
2015-01-07 15:30 - 2015-01-07 15:31 - 00000000 ____D () C:\FRST
2015-01-07 15:29 - 2015-01-07 15:29 - 02124288 _____ (Farbar) C:\Users\Mike Hobby\Desktop\FRST64.exe
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\Spider Solitaire.lnk
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\Mahjong.lnk
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\Hearts.lnk
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\FreeCell.lnk
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\Chess.lnk
2015-01-05 09:48 - 2015-01-05 09:48 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\WSE_Vosteran
2015-01-05 00:06 - 2015-01-05 00:06 - 00000622 _____ () C:\Users\Mike Hobby\Desktop\Solitaire.lnk
2014-12-30 16:51 - 2014-12-30 16:51 - 00000000 ____D () C:\Users\User 2\AppData\Local\Adobe
2014-12-30 16:42 - 2014-12-30 16:42 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\Greenshot
2014-12-30 16:41 - 2014-12-30 16:42 - 00000000 ____D () C:\Users\User 2\AppData\Local\Greenshot
2014-12-30 16:41 - 2014-12-30 16:41 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot
2014-12-30 16:40 - 2014-12-30 16:40 - 01352311 _____ (Greenshot ) C:\Users\User 2\Downloads\Greenshot-INSTALLER-1.2.4.10-RELEASE.exe
2014-12-30 16:02 - 2014-12-30 16:02 - 00000000 ____D () C:\Users\User 2\AppData\Local\paint.net
2014-12-30 15:59 - 2014-12-30 15:59 - 00001195 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-12-30 15:58 - 2014-12-30 15:59 - 00000000 ____D () C:\Program Files\paint.net
2014-12-30 15:58 - 2014-12-30 15:58 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\paint.net
2014-12-30 13:23 - 2014-12-30 13:23 - 01110476 _____ () C:\Users\User 2\Downloads\7z920.exe
2014-12-29 14:51 - 2014-12-29 14:51 - 00003634 _____ () C:\Users\User 2\Downloads\_My Pictures.lnk
2014-12-29 14:51 - 2014-12-29 14:51 - 00001084 _____ () C:\Users\User 2\Desktop\Pictures - Shortcut.lnk
2014-12-29 14:07 - 2014-12-29 14:07 - 04188536 _____ (Piriform Ltd) C:\Users\User 2\Downloads\ccsetup501_slim.exe
2014-12-29 09:31 - 2014-12-29 09:31 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-12-29 00:44 - 2015-01-01 00:40 - 00003704 _____ () C:\Windows\System32\Tasks\Java™ Platform SE Auto Updater
2014-12-28 22:14 - 2014-12-30 13:23 - 00000000 ____D () C:\Users\User 2\AppData\Local\Avg2015
2014-12-28 22:14 - 2014-12-28 22:14 - 00098200 _____ () C:\Users\User 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\Macromedia
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\ICAClient
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\AVG2015
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Local\Wondershare
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Local\Citrix
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Local\Aimersoft
2014-12-28 22:13 - 2014-12-30 16:51 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\Adobe
2014-12-28 22:13 - 2014-12-28 22:13 - 00001420 _____ () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 22:12 - 2014-12-30 13:30 - 00000000 ____D () C:\Users\User 2\AppData\Local\VirtualStore
2014-12-28 22:12 - 2014-12-29 14:02 - 00000000 ____D () C:\Users\User 2\AppData\Local\Google
2014-12-28 22:12 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Local\Avg
2014-12-28 22:12 - 2014-12-28 22:13 - 00000000 ____D () C:\Users\User 2
2014-12-28 22:12 - 2014-12-28 22:12 - 00000258 __RSH () C:\Users\User 2\ntuser.pol
2014-12-28 22:12 - 2014-12-28 22:12 - 00000020 ___SH () C:\Users\User 2\ntuser.ini
2014-12-28 22:12 - 2014-12-28 22:12 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\AVG
2014-12-28 22:12 - 2014-04-07 09:07 - 00000000 ____D () C:\Users\User 2\AppData\Local\Trusteer
2014-12-28 22:12 - 2013-10-09 14:53 - 00002107 _____ () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-12-28 22:12 - 2010-09-15 02:02 - 00000000 ____D () C:\Users\User 2\AppData\Local\Microsoft Help
2014-12-28 22:12 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-28 22:12 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-28 21:58 - 2014-12-29 12:25 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-12-28 21:58 - 2014-12-28 21:58 - 00000870 _____ () C:\Users\Public\Desktop\MyDefrag.lnk
2014-12-28 21:58 - 2014-12-28 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
2014-12-28 20:04 - 2015-01-06 15:12 - 00000000 ____D () C:\Users\Public\Documents\Toolbar Hijack & Malware
2014-12-28 18:56 - 2015-01-04 10:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 18:56 - 2014-12-28 18:56 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 18:56 - 2014-12-28 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 18:56 - 2014-12-28 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 18:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-28 18:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-28 18:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-28 17:38 - 2014-12-28 17:38 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-28 17:38 - 2014-12-28 17:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-28 17:38 - 2014-12-28 17:38 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-28 17:38 - 2014-12-28 17:38 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-28 17:38 - 2014-12-28 17:38 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-28 17:38 - 2014-12-28 17:38 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-28 17:38 - 2014-12-28 17:38 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-28 17:38 - 2014-12-28 17:38 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-28 17:38 - 2014-12-28 17:38 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-28 17:38 - 2014-12-28 17:38 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-28 17:38 - 2014-12-28 17:38 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-28 13:45 - 2014-12-28 13:45 - 00000000 ____D () C:\Windows\pss
2014-12-28 13:39 - 2014-12-28 21:23 - 00000000 ____D () C:\Users\Mike Hobby\Documents\CCLeaner Registry Bu
2014-12-28 11:30 - 2014-12-28 11:30 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-28 11:29 - 2014-12-28 11:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-28 10:00 - 2014-12-28 10:00 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\IsolatedStorage
2014-12-28 09:54 - 2014-12-28 09:54 - 00797824 _____ ( ) C:\Users\Mike Hobby\Downloads\FileExtractorSetup.exe
2014-12-27 23:58 - 2014-12-28 11:45 - 00003346 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-12-27 23:58 - 2014-12-27 23:58 - 00001094 _____ () C:\Users\Mike Hobby\Desktop\SpyHunter.lnk
2014-12-27 23:58 - 2014-12-27 23:58 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-12-27 23:58 - 2014-12-27 23:58 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Enigma Software Group
2014-12-27 23:57 - 2014-12-27 23:58 - 00000000 ____D () C:\sh4ldr
2014-12-27 23:57 - 2014-12-27 23:57 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-12-27 23:56 - 2014-12-27 23:56 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Mike Hobby\Downloads\SpyHunter-Installer (1).exe
2014-12-27 23:55 - 2014-12-27 23:55 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Mike Hobby\Downloads\SpyHunter-Installer.exe
2014-12-27 23:32 - 2014-12-27 23:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-12-27 22:58 - 2014-12-27 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-12-27 22:58 - 2014-12-27 22:57 - 00001062 _____ () C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-27 22:54 - 2014-12-27 22:54 - 00362880 _____ (Kaspersky Lab) C:\Users\Mike Hobby\Downloads\setup.exe
2014-12-27 16:56 - 2014-12-27 16:56 - 00007609 _____ () C:\Users\Mike Hobby\AppData\Local\Resmon.ResmonCfg
2014-12-27 16:53 - 2014-12-27 16:53 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\Jeff_Key
2014-12-27 16:52 - 2014-12-27 16:52 - 00000000 ____D () C:\Users\Mike Hobby\Downloads\TaskbarMeters v1.1
2014-12-27 16:51 - 2014-12-27 16:51 - 00521265 _____ () C:\Users\Mike Hobby\Downloads\TaskbarMeters v1.1.zip
2014-12-27 16:25 - 2014-12-27 16:25 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-27 16:25 - 2014-12-27 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-27 16:12 - 2014-12-27 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-27 16:12 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-27 16:12 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-27 16:12 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-27 16:12 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-27 16:11 - 2014-12-27 16:12 - 00006217 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-27 16:05 - 2015-01-01 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-12-27 16:04 - 2014-12-27 16:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-27 15:55 - 2015-01-07 07:29 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B19831CB-4A06-4E38-9843-AD036D1B801F}
2014-12-27 15:36 - 2014-12-27 15:36 - 166272368 _____ () C:\Users\Mike Hobby\Downloads\setup_11.0.3.8.x01_2014_12_27_19_35.exe
2014-12-27 14:41 - 2014-12-27 22:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-26 23:02 - 2014-12-26 23:05 - 55915216 _____ (Microsoft Corporation) C:\Users\Mike Hobby\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-12-19 13:01 - 2014-12-20 12:24 - 00010850 _____ () C:\Users\Mike Hobby\Documents\herbs  spices.xlsx
2014-12-11 03:39 - 2014-12-11 03:39 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:04 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:04 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 05:20 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 05:20 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 05:19 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:19 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:19 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 05:18 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:18 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:18 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 05:18 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 05:18 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 05:18 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 05:18 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 05:18 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 05:18 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 05:18 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 05:18 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 05:18 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 05:18 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 05:18 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 15:19 - 2012-07-11 08:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 15:19 - 2010-04-22 21:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 14:06 - 2014-07-15 12:45 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-07 12:06 - 2010-02-22 17:16 - 01202768 _____ () C:\Windows\WindowsUpdate.log
2015-01-06 21:19 - 2010-04-22 21:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 14:47 - 2013-01-11 10:54 - 00100864 ___SH () C:\Users\Mike Hobby\Documents\Thumbs.db
2015-01-06 14:42 - 2011-12-04 10:58 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Skype
2015-01-04 00:48 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2015-01-03 17:29 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-03 17:29 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 12:06 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 14:31 - 2014-03-20 11:58 - 00003558 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-12-30 12:27 - 2012-08-19 21:54 - 00000000 ___RD () C:\Users\Mike Hobby\Dropbox
2014-12-30 12:26 - 2012-08-19 21:51 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Dropbox
2014-12-30 12:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 12:23 - 2011-04-08 09:17 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-12-30 11:16 - 2014-03-10 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-12-29 16:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-29 12:15 - 2010-04-25 09:12 - 00000000 ____D () C:\Program Files (x86)\Paint Shop Pro 6
2014-12-29 09:49 - 2014-05-22 07:18 - 00003226 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001
2014-12-29 09:49 - 2014-04-13 10:11 - 00003248 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001
2014-12-29 09:49 - 2012-06-05 09:55 - 00003226 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001
2014-12-29 09:40 - 2013-12-23 08:11 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-12-29 09:31 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-28 19:54 - 2013-12-14 21:43 - 00000000 ____D () C:\AdwCleaner
2014-12-28 18:13 - 2010-04-22 19:50 - 00001420 _____ () C:\Users\Mike Hobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 17:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-28 13:33 - 2014-02-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Family Trees Quick & Easy 5
2014-12-28 13:33 - 2009-11-16 05:19 - 00000000 ____D () C:\Program Files\Google
2014-12-28 13:28 - 2012-12-03 23:34 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-28 13:13 - 2014-09-16 14:43 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-28 13:11 - 2013-06-09 18:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-28 13:00 - 2010-04-24 09:36 - 00000000 ____D () C:\Users\Mike Hobby\Tracing
2014-12-28 12:03 - 2010-07-12 19:27 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\Citrix
2014-12-28 12:00 - 2010-04-22 19:47 - 00000000 ____D () C:\Users\Mike Hobby
2014-12-28 11:46 - 2012-05-22 09:35 - 00003232 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-12-28 10:56 - 2013-09-13 12:41 - 00000086 _____ () C:\Users\Mike Hobby\AppData\Roaming\WB.CFG
2014-12-27 23:57 - 2013-12-14 11:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-27 16:25 - 2009-11-16 05:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-27 16:24 - 2012-03-18 18:13 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\Deployment
2014-12-27 16:12 - 2012-09-05 14:19 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-27 16:04 - 2012-09-21 16:23 - 00000000 ____D () C:\Program Files\Java
2014-12-22 13:21 - 2014-10-26 09:31 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-22 13:21 - 2014-10-26 09:31 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-22 13:21 - 2011-12-04 10:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 13:13 - 2012-08-19 21:52 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-22 13:13 - 2012-07-16 15:57 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Smart Panel
2014-12-22 13:13 - 2010-04-23 21:46 - 00000000 __RSD () C:\Users\Mike Hobby\Documents\My Stationery
2014-12-22 13:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-22 13:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-21 09:39 - 2012-08-19 21:54 - 00001039 _____ () C:\Users\Mike Hobby\Desktop\Dropbox.lnk
2014-12-21 08:33 - 2011-12-04 10:57 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 00:12 - 2014-09-26 07:41 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2014-12-16 03:36 - 2014-07-15 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2014-12-15 23:03 - 2014-03-10 10:33 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-12-15 10:01 - 2013-04-18 08:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 08:49 - 2014-10-22 15:40 - 00004132 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-12-13 08:49 - 2014-10-22 15:40 - 00003500 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-12-13 08:48 - 2014-10-22 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-12-11 03:39 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:21 - 2013-08-10 11:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:10 - 2010-04-23 07:07 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 03:10 - 2009-11-16 05:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 00:48 - 2010-04-23 07:06 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\Microsoft Help
2014-12-10 13:19 - 2012-07-11 08:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 13:19 - 2012-07-11 08:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 13:19 - 2012-07-11 08:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2e760f6c-0e27-2323-734f-2d384a37e92e}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2e760f6c-0e27-2323-734f-2d384a37e92e}\@
 
Some content of TEMP:
====================
C:\Users\Mike Hobby\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0_0_3v.dll
C:\Users\Mike Hobby\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\User 2\AppData\Local\Temp\ConfigurationWizard.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 00:37
 
==================== End Of Log ============================
 
From FRST64/ Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Mike Hobby at 2015-01-07 15:31:49
Running from C:\Users\Mike Hobby\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
ABBYY FineReader 9.0 Express Edition (HKLM-x32\...\ABBYY FineReader 9.0 Express Edition) (Version: 9.00.564.5977 - ABBYY)
ABBYY FineReader 9.0 Express Edition (x32 Version: 9.00.564.5977 - ABBYY) Hidden
Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aimersoft Video Editor(Build 3.6.2) (HKLM-x32\...\Aimersoft Video Editor_is1) (Version:  - Aimersoft Software)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.0.445 - AVG Technologies)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.238 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG Zen (Version: 1.0.445 - AVG Technologies) Hidden
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Citrix Presentation Server Client (HKLM-x32\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
Dropbox (HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: 4.00.00 - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FMW 1 (Version: 1.0.307 - AVG Technologies) Hidden
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM\...\{3465C52B-A3F8-4FCF-B321-28BCE2A33F99}) (Version: 3.1.21.46 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.7.0.1172 (HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iPod for Windows 2005-06-26 (x32 Version: 3.8.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MATLAB R2009a (HKLM\...\MatlabR2009a) (Version: 7.8 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 (HKLM-x32\...\PictureItSuiteTrial_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM-x32\...\{797511D8-6C88-4605-B278-552756A3D4C3}) (Version: 2.8.4431.2 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyHarmony (HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7128 - MyHeritage.com)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Paint Shop Pro 6.02 CD (HKLM-x32\...\Paint Shop Pro 6) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PCIe Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCIE_HSF) (Version: 7.80.5.0 - Conexant Systems)
Presto! PrintCentral (HKLM-x32\...\{A4FB2418-C84E-49A2-B7FE-48D71B54C1DF}) (Version: 1.00.02 - NewSoft Technology Corporation)
Rapport (x32 Version: 3.5.1404.37 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
ScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Solitaire Master 4 (HKLM-x32\...\Solitaire Master 4) (Version:  - )
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 1.0.00.14080 - Sony Corporation)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.37 - Trusteer)
TWC Customer Controls (HKLM-x32\...\{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}) (Version: 11 - SupportSoft)
Verizon Cloud (HKLM-x32\...\Verizon Cloud) (Version:  - Verizon Wireless)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\03558EE026C7D1019B4A138DD4B58B8AE39211C4) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\BF1AD0105EBDCA6E730BE93DE583343339830A7A) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\CAC45647A959F237CE25C052FDB9A4A914C34830) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/25/2013 9.1.9.1005) (HKLM\...\A86AAC18EC59E9369A037083AC25A97B89713EC8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Realtek (RSUSBSTOR) USB  (01/03/2014 6.3.9600.30174) (HKLM\...\9A1617D5AEFCCB6C90EDE2694757EE94A44992C7) (Version: 01/03/2014 6.3.9600.30174 - Realtek)
Windows Driver Package - Realtek (RSUSBSTOR) USB  (07/09/2013 6.2.9200.30164) (HKLM\...\BDA8EA85F9C040462E8B1ECBE01345A81168257E) (Version: 07/09/2013 6.2.9200.30164 - Realtek)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1083\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1062301492-1630074354-764462962-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
01-01-2015 00:31:14 Scheduled Checkpoint
04-01-2015 19:00:12 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-28 13:13 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06FD120E-3418-4CD0-9075-3D82340C5A87} - System32\Tasks\Java™ Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {09C1B1CA-EA5A-4CFC-B8D4-B935EB55597C} - System32\Tasks\4801 => Wscript.exe C:\Users\MIKEHO~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {0C3FEECB-C813-4D81-A9E0-DB43808AC65F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {16950D96-B282-464C-891B-E96B1702C39D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1E51CB9C-3826-4A79-A537-CF346CBBBE14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {204BE791-34FD-434B-AB86-9C825FDCCD87} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1062301492-1630074354-764462962-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2937859C-582B-4A7C-94D8-4F2FB388FC59} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-11-24] (AVG Technologies)
Task: {31AB3278-69B1-4136-AAF7-57C11C7E8C2F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {37643ECA-AE59-42FD-B1D0-748F9D95408E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {3AE686B1-079D-4801-83C9-B7DDC5CF43C1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {47B25454-FD90-4214-BA2B-0D65F65DC043} - System32\Tasks\{C9143740-363B-46F0-B91F-696490884AAF} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {5028793B-A895-493A-8883-1AE72608324D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-13] (Siber Systems)
Task: {504D9C99-FB4A-495F-9281-C5EAAB55DD8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {60A3DD0F-6CA4-4890-B191-A49E837BB3F9} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {624CDFC0-46E0-4F52-B072-F84A04B5E372} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {642BD863-9B9C-4AB9-9F07-D2121B226B53} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {654A1A00-803F-4F1C-B34A-21D04C71304D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6B74DAD5-3845-4790-A591-FFE0DC0A1120} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-12-27] (Enigma Software Group USA, LLC.)
Task: {6E9EA763-9335-4B0A-8BB5-ABB4E6299230} - System32\Tasks\{C880DE6E-B5E5-49CF-A98E-892AEE931B7D} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {6EA11BC4-4B6C-4BF2-A4C3-A42805D54890} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {6F3F6BCC-1DE8-4769-A098-B10FAFA6CA7F} - System32\Tasks\{F9E5F52C-3664-40CE-AB05-D7E648D401B5} => pcalua.exe -a "C:\Users\Mike Hobby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPM99YIJ\startuplite-setup-1.07.exe" -d "C:\Users\Mike Hobby\Desktop"
Task: {728F8C2F-B61C-453C-BB44-000CEDC68C84} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1062301492-1630074354-764462962-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {781AB389-EABA-45ED-BDB5-D267A24843F4} - System32\Tasks\Google Updater and Installer => C:\Users\Mike Hobby\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {78FFAC64-305C-40B9-BC35-8A1B5DE7FD88} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7D5DFD75-BD43-4A81-B814-145983334D0C} - System32\Tasks\{F9E0287E-E717-4D21-A8D0-37B3A7B17D0A} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Smart Panel\SmaPanel.exe"
Task: {82EFE37B-D8C5-4004-B13F-A4508E55B2C2} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {84CF3A72-3509-4CA8-BEDD-DD746535C7AE} - System32\Tasks\{7A8C15F1-91C1-4ECC-AAC7-9B502E367175} => pcalua.exe -a "C:\Users\Mike Hobby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\123AP78Y\DigitalImageStarter06.exe" -d "C:\Users\Mike Hobby\Desktop"
Task: {85AF1CB5-DF78-41D8-88DB-E5463EF314F7} - System32\Tasks\{550C5167-EC72-439E-8324-AB730EA29E34} => pcalua.exe -a "C:\Users\Mike Hobby\AppData\Local\Temp\IXP000.TMP\vcredist_x86.exe" -d C:\Users\MIKEHO~1\AppData\Local\Temp\IXP000.TMP -c /q
Task: {8BFB99F1-8459-4BF8-9873-1E21D2AD3AAA} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {971302DE-2FC2-4D0C-BB5C-F02F091B0A81} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9ED90D6E-01C8-43C8-930B-315DC358DF80} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {AEDA5DBB-7EA4-4508-8FA6-D85D13E0D704} - System32\Tasks\{745B5289-2B64-47E2-8972-A060553CDC6A} => pcalua.exe -a "C:\Users\Mike Hobby\Downloads\ESP40WINESD.exe" -d "C:\Users\Mike Hobby\Desktop"
Task: {B6C113D6-3953-4B53-835D-A24BA9B921F1} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1062301492-1630074354-764462962-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {C28EA621-4B82-4B84-A8BD-25289C16CE38} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {CA38F216-CA5D-41B1-AED8-FAC87FB6EACE} - System32\Tasks\{E7D1E3F8-E5CF-4CA9-981A-B205135A0980} => pcalua.exe -a "C:\Users\Mike Hobby\Downloads\k3dsurf-062.exe" -d "C:\Users\Mike Hobby\Downloads"
Task: {CF2CAF97-5934-44BB-85D3-12671F4C494C} - System32\Tasks\{8E076094-8889-40D8-A9B9-FC78008D3E2C} => C:\Program Files (x86)\Smart Panel\SmaPanel.exe [2010-11-29] (SEIKO EPSON CORPORATION.)
Task: {D070A62A-E5F8-4A0D-8310-D119A177D83C} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {D3556302-D90C-45B8-899A-B36D4A44473C} - System32\Tasks\{D91E7021-E6B6-4BEE-8035-497EC1C0A619} => pcalua.exe -a "C:\Program Files (x86)\Google\Google Calendar Sync\uninstall.exe" -d "C:\Program Files (x86)\Google\Google Calendar Sync"
Task: {D57FBCAC-04B1-4FE6-B87E-4DF8D758CA93} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F18BABAF-3FF1-41D1-93CE-BDD936176495} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F2DD8254-5D4B-4D16-8744-035C6B6999FE} - System32\Tasks\{A1274D91-9CE3-4989-A634-2A1D076C0E85} => C:\Program Files (x86)\Smart Panel\SmaPanel.exe [2010-11-29] (SEIKO EPSON CORPORATION.)
Task: {F72A416D-797B-4D3B-881B-D3693C8EC67B} - System32\Tasks\Real Player online update program => c:\program files (x86)\real\realplayer\Update\realsched.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-24 06:48 - 2014-11-24 06:48 - 00713528 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-07-21 09:56 - 2014-05-25 04:15 - 02725912 ____N () C:\Users\Mike Hobby\AppData\Roaming\Avg_Update_0514d\AVG-Secure-Search-Update_0514d.exe
2014-11-24 06:49 - 2014-11-24 06:49 - 00856888 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-30 12:26 - 2014-12-30 12:26 - 00043008 ____N () c:\Users\Mike Hobby\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0_0_3v.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-06-27 09:06 - 2014-04-01 13:37 - 00371712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-06-27 09:06 - 2013-07-24 08:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-07-15 12:44 - 2014-07-15 12:44 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B34A7CD6
AlternateDataStreams: C:\ProgramData\TEMP:D96708E3
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57939058.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57939058.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Mike Hobby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk => C:\Windows\pss\Cyber-shot Viewer Media Check Tool.lnk.Startup
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Gateway Photo Frame => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
MSCONFIG\startupreg: GoToMeeting => "C:\Program Files (x86)\Citrix\GoToMeeting\1083\g2mstart.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1062301492-1630074354-764462962-500 - Administrator - Disabled)
Guest (S-1-5-21-1062301492-1630074354-764462962-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1062301492-1630074354-764462962-1004 - Limited - Enabled)
Mike Hobby (S-1-5-21-1062301492-1630074354-764462962-1001 - Administrator - Enabled) => C:\Users\Mike Hobby
User 2 (S-1-5-21-1062301492-1630074354-764462962-1006 - Limited - Enabled) => C:\Users\User 2
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/06/2015 03:35:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (01/05/2015 10:00:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (01/05/2015 10:00:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (01/05/2015 07:01:14 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).
 
Error: (01/04/2015 00:33:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17183 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7f98
 
Start Time: 01d02843dfa53241
 
Termination Time: 50
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (01/03/2015 10:47:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Sprint.exe version 9.0.0.1427 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a764
 
Start Time: 01d0276c8a665cdb
 
Termination Time: 5
 
Application Path: C:\Program Files (x86)\ABBYY FineReader 9.0 Express Edition\Sprint.exe
 
Report Id: d14deccf-935f-11e4-8279-90fba648e9f8
 
Error: (01/03/2015 10:46:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Sprint.exe version 9.0.0.1427 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a674
 
Start Time: 01d0276c49d00fb1
 
Termination Time: 5
 
Application Path: C:\Program Files (x86)\ABBYY FineReader 9.0 Express Edition\Sprint.exe
 
Report Id: 9fd61591-935f-11e4-8279-90fba648e9f8
 
Error: (12/30/2014 04:41:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (12/30/2014 03:59:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (12/30/2014 03:58:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {176bd5ec-3e65-4127-87c7-59de50e57d72}
 
 
System errors:
=============
Error: (01/04/2015 06:49:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (01/02/2015 04:43:49 PM) (Source: DCOM) (EventID: 10016) (User: Home-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Home-PCMike HobbyS-1-5-21-1062301492-1630074354-764462962-1001LocalHost (Using LRPC)
 
Error: (01/01/2015 00:15:08 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer KATHY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7CE48CC1-6B33-4761-82B0-A811EB83F53A}.
The master browser is stopping or an election is being forced.
 
Error: (12/31/2014 05:18:58 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/30/2014 06:23:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
 
Error: (12/30/2014 01:45:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/30/2014 00:27:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (12/29/2014 01:55:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (12/29/2014 00:56:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (12/29/2014 00:51:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
 
Microsoft Office Sessions:
=========================
Error: (01/06/2015 03:35:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files\CCleaner\CCleaner.exe
 
Error: (01/05/2015 10:00:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/05/2015 10:00:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/05/2015 07:01:14 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)
 
Error: (01/04/2015 00:33:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.171837f9801d02843dfa5324150C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (01/03/2015 10:47:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Sprint.exe9.0.0.1427a76401d0276c8a665cdb5C:\Program Files (x86)\ABBYY FineReader 9.0 Express Edition\Sprint.exed14deccf-935f-11e4-8279-90fba648e9f8
 
Error: (01/03/2015 10:46:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Sprint.exe9.0.0.1427a67401d0276c49d00fb15C:\Program Files (x86)\ABBYY FineReader 9.0 Express Edition\Sprint.exe9fd61591-935f-11e4-8279-90fba648e9f8
 
Error: (12/30/2014 04:41:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files\CCleaner\CCleaner.exe
 
Error: (12/30/2014 03:59:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files\CCleaner\CCleaner.exe
 
Error: (12/30/2014 03:58:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {176bd5ec-3e65-4127-87c7-59de50e57d72}
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-23 08:39:57.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-23 08:32:30.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-23 08:12:59.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 23:44:24.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 21:24:02.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 18:49:18.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 18:32:25.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 18:16:59.775
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 18:11:50.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 17:45:01.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 49%
Total physical RAM: 6007.09 MB
Available physical RAM: 3053.09 MB
Total Pagefile: 13677.31 MB
Available Pagefile: 3083.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:792.77 GB) NTFS
Drive k: (WD USB 2) (Fixed) (Total:232.83 GB) (Free:0.01 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D3FF55A9)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 5C74AE42)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=0C)
 
==================== End Of Log ============================
 

 



#8 schrauber

  • Malware Response Team

Posted 08 January 2015 - 01:10 AM

Please uninstall Spyhunter. This is a fake program. Also please uninstall 7zip. If you need 7zip, please download a fresh installer from a clean download page and install it again.

We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    (Attached file: fixlist.txt, 2.03KB)
  • Run FRST.exe/FRST64.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Please post back with a fresh FRST scan log.

Regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!


#9 sChi00


Posted 08 January 2015 - 11:02 AM

From Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Mike Hobby at 2015-01-08 10:46:08 Run:1
Running from C:\Users\Public\Documents\Toolbar Hijack & Malware\Bleeping Computers
Loaded Profile: Mike Hobby (Available profiles: Mike Hobby & User 2)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\RunOnce: [DELTR80079119] => cmd.exe /c rd /s /q  "C:\Users\Mike Hobby\AppData\Roaming\WSE_Vosteran"
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\RunOnce: [DELTR80079057] => cmd.exe /c rd /s /q  "C:\Users\Mike Hobby\AppData\Roaming\WSE_Vosteran"
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\.DEFAULT -> {C652C5B8-6806-4D59-B296-1C3949AD0B73} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S1 cvewbbln; \??\C:\Windows\system32\drivers\cvewbbln.sys [X]
S1 hskyirsq; \??\C:\Windows\system32\drivers\hskyirsq.sys [X]
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2e760f6c-0e27-2323-734f-2d384a37e92e}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2e760f6c-0e27-2323-734f-2d384a37e92e}\@
Task: {09C1B1CA-EA5A-4CFC-B8D4-B935EB55597C} - System32\Tasks\4801 => Wscript.exe C:\Users\MIKEHO~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {8BFB99F1-8459-4BF8-9873-1E21D2AD3AAA} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B34A7CD6
AlternateDataStreams: C:\ProgramData\TEMP:D96708E3
Emptytemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\DELTR80079119 => Value not found.
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DELTR80079057 => Value not found.
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found. 
"HKU\S-1-5-21-1062301492-1630074354-764462962-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C652C5B8-6806-4D59-B296-1C3949AD0B73}" => Key deleted successfully.
HKCR\CLSID\{C652C5B8-6806-4D59-B296-1C3949AD0B73} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
cvewbbln => Service deleted successfully.
hskyirsq => Service deleted successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2e760f6c-0e27-2323-734f-2d384a37e92e} => Moved successfully.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2e760f6c-0e27-2323-734f-2d384a37e92e}\@" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09C1B1CA-EA5A-4CFC-B8D4-B935EB55597C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09C1B1CA-EA5A-4CFC-B8D4-B935EB55597C}" => Key deleted successfully.
C:\Windows\System32\Tasks\4801 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4801" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BFB99F1-8459-4BF8-9873-1E21D2AD3AAA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BFB99F1-8459-4BF8-9873-1E21D2AD3AAA}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\ProgramData\TEMP => ":B34A7CD6" ADS removed successfully.
C:\ProgramData\TEMP => ":D96708E3" ADS removed successfully.
EmptyTemp: => Removed 327.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:46:29 ====
 
From FRST64 /FRST (2)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Mike Hobby (administrator) on HOME-PC on 08-01-2015 10:56:21
Running from C:\Users\Mike Hobby\Desktop
Loaded Profile: Mike Hobby (Available profiles: Mike Hobby & User 2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesService64.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Mike Hobby\AppData\Roaming\Avg_Update_0514d\AVG-Secure-Search-Update_0514d.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Dropbox, Inc.) C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-08-03] ()
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] => C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [NsPrtMon] => C:\Program Files\NewSoft\Presto! PrintCentral\NsPrtMon.exe [42832 2009-09-11] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1133584 2014-11-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [19752256 2014-06-15] ()
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [AVG-Secure-Search-Update_0514d] => C:\Users\Mike Hobby\AppData\Roaming\Avg_Update_0514d\AVG-Secure-Search-Update_0514d.exe [2725912 2014-05-25] ()
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-13] (Siber Systems)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\RunOnce: [Uninstall C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike Hobby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: H - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: {839d87c0-3dda-11e4-9b9a-90fba648e9f8} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: {bb024c83-5880-11e3-8b61-90fba648e9f8} - H:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: {be3b8e12-0bf3-11e2-bac2-90fba648e9f8} - E:\setup.exe -a
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\...\MountPoints2: {fac72626-3248-11e3-8f24-90fba648e9f8} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
IFEO\bingdesktop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bonus.screenshotreader.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\express.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\gnotify.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\myheritage.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\nsprinter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\roxio burn.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sprint.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstallgmail.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\verizon.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Mike Hobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Hobby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk /r \??\K:autocheck autochk /r \??\K:autocheck autochk /r \??\K:autocheck autochk /r \??\K:autocheck autochk /r \??\K:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1062301492-1630074354-764462962-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5}
SearchScopes: HKU\S-1-5-21-1062301492-1630074354-764462962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1062301492-1630074354-764462962-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AdBlock) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-28]
CHR Extension: (Motorola Connect) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (RoboForm) - C:\Users\Mike Hobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-10-23]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-10-22]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-10-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [858640 2014-11-28] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
S4 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2899968 2014-08-15] (Microsoft Corporation) [File not signed]
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-15] (IBM Corp.)
S4 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2014-11-24] (AVG Technologies)
S4 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-11-24] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-11-24] (AVG Technologies)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 BTCFilterService; No ImagePath
R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-06-30] (Conexant Systems, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-15] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
S3 motccgp; No ImagePath
S3 motccgpfl; No ImagePath
S3 motmodem; No ImagePath
S3 MotoSwitchService; No ImagePath
S3 Motousbnet; No ImagePath
S3 motusbdevice; No ImagePath
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-11] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-12-15] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-12-15] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-12-15] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-23] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 10:56 - 2015-01-08 10:56 - 00026698 _____ () C:\Users\Mike Hobby\Desktop\FRST.txt
2015-01-08 10:32 - 2015-01-08 10:48 - 00000112 _____ () C:\Windows\setupact.log
2015-01-08 10:32 - 2015-01-08 10:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-08 10:31 - 2015-01-08 10:31 - 00002264 _____ () C:\Windows\PFRO.log
2015-01-07 15:30 - 2015-01-08 10:56 - 00000000 ____D () C:\FRST
2015-01-07 15:29 - 2015-01-07 15:29 - 02124288 _____ (Farbar) C:\Users\Mike Hobby\Desktop\FRST64.exe
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\Spider Solitaire.lnk
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\Mahjong.lnk
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\Hearts.lnk
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\FreeCell.lnk
2015-01-05 09:56 - 2015-01-05 09:56 - 00000136 _____ () C:\Users\Mike Hobby\Desktop\Chess.lnk
2015-01-05 00:06 - 2015-01-05 00:06 - 00000622 _____ () C:\Users\Mike Hobby\Desktop\Solitaire.lnk
2014-12-30 16:51 - 2014-12-30 16:51 - 00000000 ____D () C:\Users\User 2\AppData\Local\Adobe
2014-12-30 16:42 - 2014-12-30 16:42 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\Greenshot
2014-12-30 16:41 - 2014-12-30 16:42 - 00000000 ____D () C:\Users\User 2\AppData\Local\Greenshot
2014-12-30 16:41 - 2014-12-30 16:41 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot
2014-12-30 16:40 - 2014-12-30 16:40 - 01352311 _____ (Greenshot ) C:\Users\User 2\Downloads\Greenshot-INSTALLER-1.2.4.10-RELEASE.exe
2014-12-30 16:02 - 2014-12-30 16:02 - 00000000 ____D () C:\Users\User 2\AppData\Local\paint.net
2014-12-30 15:59 - 2014-12-30 15:59 - 00001195 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-12-30 15:58 - 2014-12-30 15:59 - 00000000 ____D () C:\Program Files\paint.net
2014-12-30 15:58 - 2014-12-30 15:58 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\paint.net
2014-12-30 13:23 - 2014-12-30 13:23 - 01110476 _____ () C:\Users\User 2\Downloads\7z920.exe
2014-12-29 14:51 - 2014-12-29 14:51 - 00003634 _____ () C:\Users\User 2\Downloads\_My Pictures.lnk
2014-12-29 14:51 - 2014-12-29 14:51 - 00001084 _____ () C:\Users\User 2\Desktop\Pictures - Shortcut.lnk
2014-12-29 14:07 - 2014-12-29 14:07 - 04188536 _____ (Piriform Ltd) C:\Users\User 2\Downloads\ccsetup501_slim.exe
2014-12-29 09:31 - 2014-12-29 09:31 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-12-29 00:44 - 2015-01-01 00:40 - 00003704 _____ () C:\Windows\System32\Tasks\Java™ Platform SE Auto Updater
2014-12-28 22:14 - 2014-12-30 13:23 - 00000000 ____D () C:\Users\User 2\AppData\Local\Avg2015
2014-12-28 22:14 - 2014-12-28 22:14 - 00098200 _____ () C:\Users\User 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\Macromedia
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\ICAClient
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\AVG2015
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Local\Wondershare
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Local\Citrix
2014-12-28 22:14 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Local\Aimersoft
2014-12-28 22:13 - 2014-12-30 16:51 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\Adobe
2014-12-28 22:13 - 2014-12-28 22:13 - 00001420 _____ () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 22:12 - 2014-12-30 13:30 - 00000000 ____D () C:\Users\User 2\AppData\Local\VirtualStore
2014-12-28 22:12 - 2014-12-29 14:02 - 00000000 ____D () C:\Users\User 2\AppData\Local\Google
2014-12-28 22:12 - 2014-12-28 22:14 - 00000000 ____D () C:\Users\User 2\AppData\Local\Avg
2014-12-28 22:12 - 2014-12-28 22:13 - 00000000 ____D () C:\Users\User 2
2014-12-28 22:12 - 2014-12-28 22:12 - 00000258 __RSH () C:\Users\User 2\ntuser.pol
2014-12-28 22:12 - 2014-12-28 22:12 - 00000020 ___SH () C:\Users\User 2\ntuser.ini
2014-12-28 22:12 - 2014-12-28 22:12 - 00000000 ____D () C:\Users\User 2\AppData\Roaming\AVG
2014-12-28 22:12 - 2014-04-07 09:07 - 00000000 ____D () C:\Users\User 2\AppData\Local\Trusteer
2014-12-28 22:12 - 2013-10-09 14:53 - 00002107 _____ () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-12-28 22:12 - 2010-09-15 02:02 - 00000000 ____D () C:\Users\User 2\AppData\Local\Microsoft Help
2014-12-28 22:12 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-28 22:12 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-28 21:58 - 2014-12-29 12:25 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-12-28 21:58 - 2014-12-28 21:58 - 00000870 _____ () C:\Users\Public\Desktop\MyDefrag.lnk
2014-12-28 21:58 - 2014-12-28 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
2014-12-28 20:04 - 2015-01-07 15:40 - 00000000 ____D () C:\Users\Public\Documents\Toolbar Hijack & Malware
2014-12-28 18:56 - 2015-01-04 10:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 18:56 - 2014-12-28 18:56 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 18:56 - 2014-12-28 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 18:56 - 2014-12-28 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 18:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-28 18:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-28 18:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-28 17:38 - 2014-12-28 17:38 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-28 17:38 - 2014-12-28 17:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-28 17:38 - 2014-12-28 17:38 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-28 17:38 - 2014-12-28 17:38 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-28 17:38 - 2014-12-28 17:38 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-28 17:38 - 2014-12-28 17:38 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-28 17:38 - 2014-12-28 17:38 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-28 17:38 - 2014-12-28 17:38 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-28 17:38 - 2014-12-28 17:38 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-28 17:38 - 2014-12-28 17:38 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-28 17:38 - 2014-12-28 17:38 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-28 17:38 - 2014-12-28 17:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-28 17:38 - 2014-12-28 17:38 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-28 13:45 - 2014-12-28 13:45 - 00000000 ____D () C:\Windows\pss
2014-12-28 13:39 - 2014-12-28 21:23 - 00000000 ____D () C:\Users\Mike Hobby\Documents\CCLeaner Registry Bu
2014-12-28 11:30 - 2014-12-28 11:30 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-28 11:29 - 2014-12-28 11:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-28 10:00 - 2014-12-28 10:00 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\IsolatedStorage
2014-12-28 09:54 - 2014-12-28 09:54 - 00797824 _____ ( ) C:\Users\Mike Hobby\Downloads\FileExtractorSetup.exe
2014-12-27 23:32 - 2014-12-27 23:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-12-27 22:58 - 2014-12-27 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-12-27 22:58 - 2014-12-27 22:57 - 00001062 _____ () C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-27 22:54 - 2014-12-27 22:54 - 00362880 _____ (Kaspersky Lab) C:\Users\Mike Hobby\Downloads\setup.exe
2014-12-27 16:56 - 2014-12-27 16:56 - 00007609 _____ () C:\Users\Mike Hobby\AppData\Local\Resmon.ResmonCfg
2014-12-27 16:53 - 2014-12-27 16:53 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\Jeff_Key
2014-12-27 16:52 - 2014-12-27 16:52 - 00000000 ____D () C:\Users\Mike Hobby\Downloads\TaskbarMeters v1.1
2014-12-27 16:51 - 2014-12-27 16:51 - 00521265 _____ () C:\Users\Mike Hobby\Downloads\TaskbarMeters v1.1.zip
2014-12-27 16:25 - 2014-12-27 16:25 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-27 16:25 - 2014-12-27 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-27 16:12 - 2014-12-27 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-27 16:12 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-27 16:12 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-27 16:12 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-27 16:12 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-27 16:11 - 2014-12-27 16:12 - 00006217 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-27 16:05 - 2015-01-01 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-12-27 16:04 - 2014-12-27 16:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-27 15:55 - 2015-01-08 09:18 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B19831CB-4A06-4E38-9843-AD036D1B801F}
2014-12-27 15:36 - 2014-12-27 15:36 - 166272368 _____ () C:\Users\Mike Hobby\Downloads\setup_11.0.3.8.x01_2014_12_27_19_35.exe
2014-12-27 14:41 - 2014-12-27 22:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-26 23:02 - 2014-12-26 23:05 - 55915216 _____ (Microsoft Corporation) C:\Users\Mike Hobby\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-12-19 13:01 - 2014-12-20 12:24 - 00010850 _____ () C:\Users\Mike Hobby\Documents\herbs  spices.xlsx
2014-12-11 03:39 - 2014-12-11 03:39 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:04 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:04 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 05:20 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 05:20 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 05:20 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 05:19 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:19 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:19 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 05:18 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:18 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:18 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 05:18 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 05:18 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 05:18 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 05:18 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 05:18 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 05:18 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 05:18 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 05:18 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 05:18 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 05:18 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 05:18 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 10:53 - 2010-02-22 17:16 - 01231600 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 10:50 - 2012-08-19 21:54 - 00000000 ___RD () C:\Users\Mike Hobby\Dropbox
2015-01-08 10:50 - 2012-08-19 21:51 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Dropbox
2015-01-08 10:50 - 2011-12-04 10:58 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Skype
2015-01-08 10:49 - 2010-04-22 21:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 10:48 - 2011-04-08 09:17 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-08 10:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 10:40 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 10:40 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 10:19 - 2012-07-11 08:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 10:19 - 2010-04-22 21:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 10:06 - 2014-07-15 12:45 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-07 18:06 - 2013-01-11 10:54 - 00100864 ___SH () C:\Users\Mike Hobby\Documents\Thumbs.db
2015-01-04 00:48 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2014-12-31 12:06 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 14:31 - 2014-03-20 11:58 - 00003558 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-12-30 11:16 - 2014-03-10 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-12-29 16:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-29 12:15 - 2010-04-25 09:12 - 00000000 ____D () C:\Program Files (x86)\Paint Shop Pro 6
2014-12-29 09:49 - 2014-05-22 07:18 - 00003226 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001
2014-12-29 09:49 - 2014-04-13 10:11 - 00003248 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001
2014-12-29 09:49 - 2012-06-05 09:55 - 00003226 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1062301492-1630074354-764462962-1001
2014-12-29 09:40 - 2013-12-23 08:11 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-12-29 09:31 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-28 19:54 - 2013-12-14 21:43 - 00000000 ____D () C:\AdwCleaner
2014-12-28 18:13 - 2010-04-22 19:50 - 00001420 _____ () C:\Users\Mike Hobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 17:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-28 13:33 - 2014-02-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Family Trees Quick & Easy 5
2014-12-28 13:33 - 2009-11-16 05:19 - 00000000 ____D () C:\Program Files\Google
2014-12-28 13:28 - 2012-12-03 23:34 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-28 13:13 - 2014-09-16 14:43 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-28 13:11 - 2013-06-09 18:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-28 13:00 - 2010-04-24 09:36 - 00000000 ____D () C:\Users\Mike Hobby\Tracing
2014-12-28 12:03 - 2010-07-12 19:27 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\Citrix
2014-12-28 12:00 - 2010-04-22 19:47 - 00000000 ____D () C:\Users\Mike Hobby
2014-12-28 11:46 - 2012-05-22 09:35 - 00003232 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-12-28 10:56 - 2013-09-13 12:41 - 00000086 _____ () C:\Users\Mike Hobby\AppData\Roaming\WB.CFG
2014-12-27 16:25 - 2009-11-16 05:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-27 16:24 - 2012-03-18 18:13 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\Deployment
2014-12-27 16:12 - 2012-09-05 14:19 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-27 16:04 - 2012-09-21 16:23 - 00000000 ____D () C:\Program Files\Java
2014-12-22 13:21 - 2014-10-26 09:31 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-22 13:21 - 2014-10-26 09:31 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-22 13:21 - 2011-12-04 10:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 13:13 - 2012-08-19 21:52 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-22 13:13 - 2012-07-16 15:57 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Roaming\Smart Panel
2014-12-22 13:13 - 2010-04-23 21:46 - 00000000 __RSD () C:\Users\Mike Hobby\Documents\My Stationery
2014-12-22 13:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-22 13:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-21 09:39 - 2012-08-19 21:54 - 00001039 _____ () C:\Users\Mike Hobby\Desktop\Dropbox.lnk
2014-12-21 08:33 - 2011-12-04 10:57 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 00:12 - 2014-09-26 07:41 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2014-12-16 03:36 - 2014-07-15 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2014-12-15 23:03 - 2014-03-10 10:33 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-12-15 10:01 - 2013-04-18 08:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 08:49 - 2014-10-22 15:40 - 00004132 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-12-13 08:49 - 2014-10-22 15:40 - 00003500 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-12-13 08:48 - 2014-10-22 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-12-11 03:39 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:21 - 2013-08-10 11:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:10 - 2010-04-23 07:07 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 03:10 - 2009-11-16 05:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 00:48 - 2010-04-23 07:06 - 00000000 ____D () C:\Users\Mike Hobby\AppData\Local\Microsoft Help
2014-12-10 13:19 - 2012-07-11 08:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 13:19 - 2012-07-11 08:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 13:19 - 2012-07-11 08:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
Some content of TEMP:
====================
C:\Users\Mike Hobby\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwxmi_y.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 00:37
 
==================== End Of Log ============================

 




#10 schrauber


Posted 08 January 2015 - 11:33 AM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Please let me know how the system is running now.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 sChi00


Posted 09 January 2015 - 04:37 PM

Hi,

I ran ESET Online Scanner via esetsmartinstaller_enu version but as the scanner ran for over 20 hours and it still had only completed 83%, I stopped it. Should I run via IE browser version instead? It did find multiple infections, btw.

 

Thank you,

sChi00



#12 sChi00


Posted 09 January 2015 - 04:43 PM

P.S. PC has AVG Internet Security 2015. 



#13 schrauber


Posted 10 January 2015 - 05:17 AM

The scan can take a very long time when there are a lot of files to scan. Please let it run and don't stop it until it's finished.
regards,
schrauber


#14 sChi00


Posted 13 January 2015 - 08:14 PM

Hi,

I had to stop the second ESET scan due to a software update restart needed for AVG IS 2015. I am posting the results of the first scan anyway in the hopes that it will be of some use because ever since that first ESET scan, the laptop (K/Home-PC) connected to HOME-PC network will not connect to the internet via any browser. I'm wondering if it has anything to do with the quarantined files or if this is just coincidence?

 

P.S. I just checked "C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt" & since the 2nd scan was stopped, there are no files/data in "C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine" nor its log file.

 

From ESET Online:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306061\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mike Hobby\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mike Hobby\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mike Hobby\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mike Hobby\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mike Hobby\AppData\Local\Conduit\Chrome\CT3306061\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mike Hobby\AppData\Local\NativeMessaging\CT3306061\1_0_0_4\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\TDSSKiller_Quarantine\20.08.2012_09.43.58\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\Users\Mike Hobby\AppData\Local\Microsoft\Windows Live Mail\Gmail (kath 100\[Gmail]\Spam\59BB72F1-000000D4.eml HTML/Pharmacy.A trojan
C:\Users\Mike Hobby\AppData\Roaming\Wondershare\MobileGo\TempRoot\TempRoot.zip multiple threats
C:\Users\Mike Hobby\AppData\Roaming\Wondershare\MobileGo\TempRoot\root\pwn Android/Exploit.Lotoor.EP trojan
C:\Users\Mike Hobby\AppData\Roaming\Wondershare\MobileGo\TempRoot\root\rootf.apk Android/Exploit.Lotoor.EF trojan
C:\Users\Mike Hobby\Downloads\ErrorEND_Installer.exe multiple threats
C:\Users\Mike Hobby\Downloads\FileExtractorSetup.exe a variant of Win32/InstallCore.UF potentially unwanted application
C:\Users\Mike Hobby\Downloads\mobilego_full818.exe multiple threats
K:\HOME-PC\Backup Set 2014-11-14 110706\Backup Files 2014-11-14 110706\Backup files 7.zip multiple threats
K:\HOME-PC\Backup Set 2014-11-14 110706\Backup Files 2014-11-14 110706\Backup files 16.zip HTML/Pharmacy.A trojan
K:\HOME-PC\Backup Set 2014-11-14 110706\Backup Files 2014-11-14 110706\Backup files 26.zip multiple threats
 
Thank you,
sChi00
 
 
 


#15 schrauber


Posted 14 January 2015 - 01:01 AM

Please post a fresh FRST logfile from this system, then I can have a look at the internet problem :)
regards,
schrauber
