ZeroAccess Infection


  • This topic is locked
49 replies to this topic

#1 GuyGun

GuyGun

  • Members
  • 26 posts

Posted 08 January 2015 - 10:48 PM

   Hello world. I have an ASUS laptop running Windows 7. Recently, my CPU usage has been high even with no processes in task manager using any. I used to get random popups stating "Error: Access Is Denied" though I no longer get this. I've run Malwarebytes multiple times though it finds nothing. I tried installing Avast but I get an error saying "The Base Filtering Engine (BFE) service is not running". I can't even activate Windows firewall :(. A different website was able to assist me and found out I apparently have the ZeroAccess infection, though they couldn't help me any further. I'll post the DDS logs below, thanks for any help.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.45.2
Run by Ryan at 22:06:02 on 2015-01-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1179 [GMT -5:00]
.
AV: Trend Micro Internet Security *Disabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\010\duuwysugju32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\Dwm.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate09072013
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Akamai NetSession Interface] C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [TaskTray] <no file>
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\649455F535543455255475966496 : DHCPNameServer = 131.94.7.220 131.94.205.10 131.94.226.10
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\74275656E644F6C6078696E6 : DHCPNameServer = 205.152.144.23 205.152.132.23 192.168.1.1
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\84F4D454D224831323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\C496D65635973616D6F62756 : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\C4B4630383 : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\C4B4630383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B} : NameServer = 4.2.2.1
TCP: Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MRT] "C:\Windows\System32\MRT.exe" /R
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\
FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN26823413642493690&UM=false&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ryan\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - ExtSQL: !HIDDEN! 2011-03-09 22:28; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-6-14 15928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-24 254528]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-11-19 41168]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-6-14 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-14 14904]
R2 duuwysugju32;duuwysugju32;C:\Program Files\010\duuwysugju32.exe run options=00100010100000000000000000000000 source=6315EBB8-4968-4AE5-8956-C5CABDE87E54  --> C:\Program Files\010\duuwysugju32.exe run options=00100010100000000000000000000000 source=6315EBB8-4968-4AE5-8956-C5CABDE87E54  [?]
R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-9-2 42576]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-5 25816]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CouponarificService64;CouponarificService64;C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\xtloowpkjv64.exe [2014-11-19 186368]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-1-1 969016]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-12 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-1 63704]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-1-1 1871160]
.
=============== Created Last 30 ================
.
2015-01-06 03:10:03 -------- d-----w- C:\FRST
2015-01-05 23:25:13 -------- d-----w- C:\zoek_backup
2015-01-05 21:42:45 -------- d-----w- C:\MGADiagToolOutput
2015-01-02 00:55:13 -------- d-----w- C:\ProgramData\AVAST Software
2015-01-01 07:52:46 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-01 07:51:52 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-01 07:51:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-01 07:51:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 00:29:24 -------- d-----w- C:\Program Files\Couponarific
2014-12-27 06:48:05 -------- d-----w- C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 06:46:35 -------- d-----w- C:\ProgramData\5558131108867548629
2014-12-27 06:46:35 -------- d-----w- C:\Program Files (x86)\YOeutuubeuAdBluoocke
2014-12-27 06:46:27 -------- d-----w- C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 06:46:26 -------- d-----w- C:\Program Files\010
2014-12-27 06:46:12 -------- d-----w- C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
2014-12-27 06:45:04 -------- d-----w- C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
2014-12-11 16:45:18 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 14:42:33 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 14:42:31 4121600 ----a-w- C:\Windows\System32\mf.dll
.
==================== Find3M  ====================
.
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:43 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:55:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 15:38:44 41168 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:04:21 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:46:24 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-07-09 17:52:17 1378888166 ----a-w- C:\Program Files (x86)\SilkroadOnline_GlobalOfficial_v1_403.exe
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 22:10:36.58 ===============
 
Attached File  attach.txt   2.76KB   0 downloads




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 08 January 2015 - 11:26 PM

Hello GuyGun,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 GuyGun

GuyGun
  • Topic Starter

  • Members
  • 26 posts

Posted 09 January 2015 - 12:11 AM

Hi, thanks for responding so fast. Below is the AdwCleaner log. I'll post FRST.txt and Addition.txt in separate posts.

 

# AdwCleaner v4.107 - Report created 08/01/2015 at 23:39:35
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : netfilter64
[#] Service Deleted : CouponArificService64
Service Deleted : duuwysugju32
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\5558131108867548629
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\CouponArific
Folder Deleted : C:\Program Files\010
Folder Deleted : C:\Users\Ryan\AppData\Local\Conduit
Folder Deleted : C:\Users\Ryan\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ryan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ryan\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Ryan\Documents\drivergenius
Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\DTToolbar@toolbarnet.com
Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\gB8A@g.edu
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\user.js
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKCU\Software\a2397ef133e9117c
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\couponarific
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : [x64] HKLM\SOFTWARE\couponarific
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0 (x86 en-US)
 
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2 \"}");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_Configuration_lastUpdate", "1386118009211");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1385700410792");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1356417747272");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1386121712492");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_clientErrorLog_lastUpdate", "1355773234951");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1385657708513");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1373233635673");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1362440667358");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364343917088");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363210086111");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369273608087");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373233636173");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374987836215");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379138743555");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.20.0.513_lastUpdate", "1386118008420");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1385657708466");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1386118009169");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1386118008221");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363146528065");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386118008274");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1386121712412");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1386118008257");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate", "1386121712808");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.serviceLayer_services_userApps_lastUpdate", "1386121712822");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.settingsINI", true);
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.showToolbarPermission", "false");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.smartbar.homepage", true);
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "4-12-2012");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "4-12-2013");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.toolbarDisabled", "true");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Fri Mar 15 2013 03:50:22 GMT-0400 (Eastern Daylight Time)");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.url_history0001", "%EE%FA%FA%F6%F9%C0%B5%B5%FD%FD%FD%B4%ED%F5%F5%ED%F2%EB%B4%E9%F5%F3%C0%C0%C0%E9%F2%EF%E9%F1%EE%E7%F4%EA%F2%EB%F8%C0%C0%C0%B7%B9%BE%BC%B6%BA%BB%BC%B9%BB%B6%BB%B9%[...]
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzODYwNDU2MzUwNTMsLCxodHRwczovL3d3dy5nb29nbGUuY29tOjo6Y2xpY2toYW5kbGVyOjo6MTM4NjA0NTYzNTU1NywsLGh0dHBz[...]
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.wreck-experiments-design.enc", "eyJuYW1lIjoibGlnaHQiLCJ2ZXJzaW9uIjo0fQ==");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.wreck-experiments-feed.enc", "eyJuYW1lIjoidHJ1ZmZsZXMiLCJ2ZXJzaW9uIjozfQ==");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.wreck-experiments-hover_effect.enc", "eyJuYW1lIjoiaGFsZiIsInZlcnNpb24iOjF9");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.wreck-experiments-trigger.enc", "eyJuYW1lIjoieDAuNSIsInZlcnNpb24iOjF9");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.wreck-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzcxMzI3NjM1OTQ5LDE0NDAwMDAwXX0=");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468.wreck-user-id.enc", "IjJmYzI4ZDMxLTQ5M2YtNGQ5Zi05ZmRiLWNhN2E5ODgyNzcwMiI=");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386121708116,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl_v2 Customized Web Search");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN26823413642493690&UM=false&q=");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3220468");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=[...]
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3220468");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3220468");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "WVJU8LS5E0PMV7OMMYPICCTAZ+ARBHNQCDQZB5WR1GMPDKHU4KWQHU1EZTR0SFBKHG6MLTQMC63LUZKIPHNNPW");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
[sohgfkaq.default\prefs.js] - Line Deleted : user_pref("smartbar.originalSearchEngine", false);
 
-\\ Google Chrome v
 
[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
 
*************************
 
AdwCleaner[R0].txt - [84350 octets] - [08/01/2015 23:34:24]
AdwCleaner[S0].txt - [88928 octets] - [08/01/2015 23:39:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [88989 octets] ##########


#4 GuyGun

Posted 09 January 2015 - 12:13 AM

Here is FRST.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Ryan (administrator) on RYAN-PC on 09-01-2015 00:01:25
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [65309168 2012-10-11] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Ryuvkcjkhoi] => C:\Windows\system32\regsvr32.exe /s "C:\Windows\TEMP\lcclokw.dll"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2010-12-16] (AOL Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe [3303000 2011-11-17] (Akamai Technologies, Inc)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-25] (Google Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {0d0036b2-558f-11e0-83a1-485b398dea3c} - D:\setup.exe -a
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {b7da57dd-9b60-11e3-9182-485b398dea3c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate09072013
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B}: [NameServer] 4.2.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @livecode.runrev.com/LiveCode Player;version=1 -> C:\Users\Ryan\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF Extension: MaskMe - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\idme@abine.com [2014-11-22]
FF Extension: uTorrentControl_v2  - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013-09-14]
FF Extension: TopLine - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi [2012-07-15]
FF Extension: turkopticon - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{68d0652a-86ef-4c6a-89f4-808652357b2c}.xpi [2012-07-04]
FF Extension: Greasemonkey - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-06]
FF HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Xfinity) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-07-15]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (unIISaleus) - C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej\ [2013-08-23]
CHR Extension: (unisaaeles) - C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh\ [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 incdfs; C:\Windows\system32\mcvsrte.dll [6656 2009-07-13] (Oak Technology Inc.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859640 2010-02-23] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-24] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: incdfs -> C:\Windows\system32\mcvsrte.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 00:01 - 2015-01-09 00:02 - 00027242 _____ () C:\Users\Ryan\Desktop\FRST.txt
2015-01-08 23:59 - 2015-01-08 23:59 - 02124288 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2015-01-08 23:52 - 2015-01-08 23:54 - 00000000 ____D () C:\Users\Ryan\Desktop\Backups
2015-01-08 23:34 - 2015-01-08 23:40 - 00000000 ____D () C:\AdwCleaner
2015-01-08 23:32 - 2015-01-08 23:32 - 02191360 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2015-01-08 22:10 - 2015-01-08 22:10 - 00026536 _____ () C:\Users\Ryan\Desktop\dds.txt
2015-01-08 22:10 - 2015-01-08 22:10 - 00002831 _____ () C:\Users\Ryan\Desktop\attach.txt
2015-01-08 22:04 - 2015-01-08 22:04 - 00688992 ____R (Swearware) C:\Users\Ryan\Desktop\dds.com
2015-01-05 22:10 - 2015-01-09 00:01 - 00000000 ____D () C:\FRST
2015-01-05 18:25 - 2015-01-05 18:25 - 00000000 ____D () C:\zoek_backup
2015-01-05 18:24 - 2015-01-05 18:59 - 00001773 _____ () C:\Users\Ryan\Desktop\New Text Document.txt
2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\MGADiagToolOutput
2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-01-05 16:19 - 2015-01-08 21:49 - 00000000 ____D () C:\Users\Ryan\Desktop\S
2015-01-01 19:55 - 2015-01-01 19:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online.exe
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-01-01 02:52 - 2015-01-01 14:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 02:51 - 2015-01-01 02:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 02:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 02:51 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-31 19:29 - 2015-01-08 23:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2014-12-31 19:29 - 2015-01-08 23:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-31 02:59 - 2014-12-31 04:12 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E09.HDTV.x264-LOL[ettv]
2014-12-31 02:57 - 2014-12-31 02:57 - 00016204 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e09.hdtv.x264.lol.ettv.torrent
2014-12-31 01:21 - 2014-12-31 01:41 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E08 HDTV XviD-FUM[ettv]
2014-12-31 01:21 - 2014-12-31 01:21 - 00028745 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e08.hdtv.xvid.fum.ettv.torrent
2014-12-30 00:13 - 2014-12-30 00:34 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E07.HDTV.x264-LOL[ettv]
2014-12-30 00:12 - 2014-12-30 00:12 - 00017250 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e07.hdtv.x264.lol.ettv.torrent
2014-12-29 21:37 - 2014-12-29 21:47 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E06.HDTV.x264-LOL[ettv]
2014-12-29 21:36 - 2014-12-29 21:36 - 00016954 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e06.hdtv.x264.lol.ettv.torrent
2014-12-29 15:06 - 2014-12-29 15:15 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E05 HDTV x264-LOL[ettv]
2014-12-29 15:05 - 2014-12-29 15:05 - 00016204 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e05.hdtv.x264.lol.ettv.torrent
2014-12-28 01:11 - 2014-12-29 00:19 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E04 HDTV x264-LOL[ettv]
2014-12-28 01:11 - 2014-12-28 01:11 - 00015498 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e04.hdtv.x264.lol.ettv.torrent
2014-12-27 23:47 - 2014-12-28 00:41 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E03 HDTV x264-LOL[ettv]
2014-12-27 23:46 - 2014-12-27 23:46 - 00016615 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e03.hdtv.x264.lol.ettv.torrent
2014-12-27 01:49 - 2014-12-27 01:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E02 HDTV x264-LOL[ettv]
2014-12-27 01:48 - 2014-12-27 01:48 - 00018398 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e02.hdtv.x264.lol.ettv.torrent
2014-12-27 01:48 - 2014-12-27 01:48 - 00000000 ____D () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2015-01-01 03:42 - 00000000 ____D () C:\Program Files (x86)\YOeutuubeuAdBluoocke
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:45 - 2014-12-27 01:45 - 00000000 ____D () C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
2014-12-16 23:22 - 2014-12-17 00:34 - 00000000 ____D () C:\Users\Ryan\Downloads\The Walking Dead S5 1-8
2014-12-16 23:20 - 2014-12-16 23:20 - 00018206 _____ () C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.s5.1.8.torrent
2014-12-16 22:54 - 2014-12-16 22:55 - 00013573 _____ () C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.season.5.first.8.episodes.with.subtitles.torrent
2014-12-14 23:33 - 2014-12-14 23:33 - 00883712 _____ () C:\Users\Ryan\Downloads\Chap020.ppt
2014-12-11 11:45 - 2014-12-11 11:45 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 09:42 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:42 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 23:58 - 2010-06-14 21:18 - 01467400 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 23:51 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 23:51 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 23:42 - 2013-01-14 10:00 - 00277852 _____ () C:\Windows\PFRO.log
2015-01-08 23:42 - 2012-12-29 14:09 - 00222904 _____ () C:\Windows\setupact.log
2015-01-08 23:42 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 23:33 - 2012-08-25 12:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA.job
2015-01-08 22:42 - 2011-11-15 20:59 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Akamai
2015-01-08 20:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At42.job
2015-01-08 20:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At41.job
2015-01-08 19:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At40.job
2015-01-08 19:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At39.job
2015-01-08 18:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At38.job
2015-01-08 18:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At37.job
2015-01-08 17:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At36.job
2015-01-08 17:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At35.job
2015-01-08 16:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At34.job
2015-01-08 16:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At33.job
2015-01-08 15:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At32.job
2015-01-08 15:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At31.job
2015-01-08 14:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At30.job
2015-01-08 14:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At29.job
2015-01-08 13:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At28.job
2015-01-08 13:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At27.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At8.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At26.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At24.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At22.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At20.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At18.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At16.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At14.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At12.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At10.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At9.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At7.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At25.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At23.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At21.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At19.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At17.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At15.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At13.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At11.job
2015-01-08 02:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At6.job
2015-01-08 02:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At5.job
2015-01-08 01:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At4.job
2015-01-08 01:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At3.job
2015-01-08 01:33 - 2012-08-25 12:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At48.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At46.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At44.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At2.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At47.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At45.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At43.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At1.job
2015-01-01 14:40 - 2013-01-13 02:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\PMB Files
2015-01-01 14:19 - 2010-12-27 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2015-01-01 14:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-01 02:53 - 2012-09-05 20:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-01 02:52 - 2012-09-05 20:55 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
2015-01-01 02:51 - 2012-09-05 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 02:10 - 2010-06-14 21:53 - 00001254 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-31 03:54 - 2012-12-03 20:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\uTorrent
2014-12-14 23:33 - 2012-12-19 17:56 - 00308736 ___SH () C:\Users\Ryan\Downloads\Thumbs.db
2014-12-12 01:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 16:35 - 2012-08-25 12:23 - 00002362 _____ () C:\Users\Ryan\Desktop\Google Chrome.lnk
2014-12-11 11:54 - 2009-07-14 00:13 - 00866832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 11:49 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-11 11:47 - 2012-06-12 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 11:47 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-11 11:47 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-11 11:45 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 11:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 09:45 - 2011-04-24 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 09:41 - 2012-05-24 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
ZeroAccess:
C:\Windows\System32\consrv.dll
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
C:\ProgramData\O4Ol0Glu.dat
C:\ProgramData\odbcHost64.dll
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
 
 
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
C:\Users\Ryan\AppData\Local\Temp\swt-win32-3740.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
 
LastRegBack: 2015-01-05 18:04
 
==================== End Of Log ============================

Here is Addition.txt. Again thanks for any help.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Ryan at 2015-01-09 00:05:09
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Internet Security (Disabled - Out of date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro Internet Security (Disabled - Out of date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.2.28595 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Connect Add-in (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.262 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Akamai) (Version:  - )
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Aleks 3.14 (HKLM-x32\...\Aleks 3.14) (Version:  - )
Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Best Buy pc app (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\48e4cff94f039634) (Version: 3.1.2.0 - Best Buy)
Best Buy pc app (Version: 3.1.2.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.2.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   - )
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build and Shoot Launcher 1.1 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.1 - Buld Then Snip, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Cisco NAC Agent  (HKLM-x32\...\{0CB855E9-B05A-41C7-B743-C286A08433D0}) (Version: 4.9.2.8 - Cisco Systems, Inc.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
couponarific (HKLM\...\6315EBB8-4968-4AE5-8956-C5CABDE87E54) (Version: 2.0.1 - couponarific) <==== ATTENTION
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version:  - Z8Games.com)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D1600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_SF_06_D1600_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Driver Detective (HKLM-x32\...\{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}) (Version: 7 - PC Drivers HeadQuarters)
EasyBits GO (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Game Organizer) (Version:  - EasyBits Media)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
F.lux (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Flux) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FrostWire 4.21.5 (HKLM-x32\...\FrostWire) (Version: 4.21.5.0 - FrostWire Team)
FrostWire 5.4.0 (HKLM-x32\...\FrostWire 5) (Version: 5.4.0.0 - FrostWire Team)
Ghost Recon Phantoms - NA (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\fc418bf9b18f76aa) (Version: 1.35.9476.1 - Ubisoft)
Google Chrome (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{E80963EC-EED7-411A-8AC0-149EC57FB0F9}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6 (HKLM\...\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
ICCup Launcher (HKLM-x32\...\ICCup Launcher_is1) (Version: 1.6 - ICCup)
I-Doser Premium (HKLM-x32\...\I-Doser) (Version: 5.0 - I-Doser.com)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2021 - Intel Corporation)
iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lexmark Z700-P700 Series (HKLM\...\Lexmark Z700-P700 Series) (Version:  - Lexmark International, Inc.)
Lexmark Z700-P700 Series (HKLM-x32\...\Lexmark Z700-P700 Series) (Version:  - Lexmark International, Inc.)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.1.4 - www.leaguereplays.com)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31010.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
P2V version 2.0.1.2 (HKLM-x32\...\{32926394-C1FC-4C7F-9B48-BA9C035701DB}_is1) (Version: 2.0.1.2 - IPEVO)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PartyPoker (HKLM-x32\...\PartyPoker) (Version: 147 - PartyGaming)
Pearson LockDown Browser (HKLM-x32\...\{1F8BAD3E-1EE5-43ED-B5DB-F6311DA7666A}) (Version: 1.04.23 - Respondus, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Python 3.4.0 (HKLM-x32\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
RunRev LiveCode Player Browser Plugin (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\LiveCode Player) (Version: 9 - RunRev Ltd.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Silkroad (HKLM-x32\...\Silkroad) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Socks5Cap X86/X64 2.2.1.0 (HKLM-x32\...\{10578CAB-AE86-442E-97F0-96656404CD6F}_is1) (Version:  - www.networktunnel.net)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (64-bit) (HKLM\...\{15AD6738-23E8-4AE6-93E9-434E717EECB2}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tremulous 1.1.0 (HKLM-x32\...\Tremulous) (Version:  - )
Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security (Version: 17.50 - Trend Micro Inc.) Hidden
TuneAid 3.76 (HKLM-x32\...\TuneAid_is1) (Version: 3.76 - DigiDNA)
USB 2.0 UVC 1.3M WebCam (HKLM\...\USB 2.0 UVC 1.3M WebCam) (Version:  - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. )
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
31-12-2014 19:27:01 Windows Update
31-12-2014 19:30:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-01-2015 02:04:34 Windows Update
01-01-2015 02:09:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-01-2015 03:00:41 Windows Update
01-01-2015 03:56:39 Windows Update
01-01-2015 14:14:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-01-2015 14:42:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
02-01-2015 03:00:33 Windows Update
03-01-2015 03:00:17 Windows Update
04-01-2015 19:42:13 Windows Update
05-01-2015 03:00:18 Windows Update
06-01-2015 03:00:16 Windows Update
07-01-2015 03:00:15 Windows Update
08-01-2015 03:00:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-06-14 02:08 - 2012-06-14 02:08 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00217407-F410-4FCF-A5F6-19CA22A8769D} - System32\Tasks\At18 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {02C2677A-5CB4-4448-A52F-9D813FE7D3C0} - System32\Tasks\{B8F37857-BB96-472B-AAB9-219BFA259D72} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar
Task: {030466B5-F3A2-416D-847E-0CE36AE8E17A} - System32\Tasks\{8CE7F0A4-61F1-45BB-BCD4-F3119DB28594} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {054E76ED-F598-42BF-81BA-2AF38518942C} - System32\Tasks\At22 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {0809E6E1-88F8-4D9C-ACFA-3964ACB3538C} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {0B832A70-8997-4A07-9812-41604DAF45F4} - System32\Tasks\At33 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {0F256C72-B130-4B26-BE66-12310EFFD98D} - System32\Tasks\At25 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {10B0FC57-B1E5-49B8-BB20-1615D49752AF} - System32\Tasks\At23 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {11B5D21A-E56A-4C54-A122-F442816840E9} - System32\Tasks\At36 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {25DFC395-5FEB-4ADB-8B2C-AB1BBD2ADEF5} - System32\Tasks\At21 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {2650FF7A-3CE9-47C0-A51D-A02514A6C2E0} - System32\Tasks\At27 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {29650289-3C8D-4F8B-B328-85B668E3904A} - System32\Tasks\At48 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {315FAFDE-2ECA-4BFE-AD2A-5237EB41A09A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {34C3BA6F-8BB5-44B7-82DA-DA3119A40AF7} - System32\Tasks\At9 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {38ED3C4B-9644-4E42-98DB-10BCFA1C48FA} - System32\Tasks\At7 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {3957E7F2-D8C2-4171-8ECC-CF4906A4D1A8} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
Task: {39CF4D1C-20C8-46C5-AE7D-498743024604} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {3AEF73E7-63A3-40DC-8B93-BE77599C0F7B} - System32\Tasks\At19 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {4494368B-7030-4309-827D-5B0BB5D384C7} - System32\Tasks\At2 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {44982330-D4C7-4F7F-968A-ECD114AB8DD3} - System32\Tasks\At29 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {498E3DE2-EB7E-4C06-B072-E762A6439BDC} - System32\Tasks\At31 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {4B6B73AF-4476-4EDD-8008-A9BE499A5763} - System32\Tasks\At46 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {539AB19B-C222-496C-ADBE-9F0B2D8EA235} - System32\Tasks\At13 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {54D84887-9747-4056-821E-C9AFD3E3FFDB} - System32\Tasks\At3 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {55B4F62D-2005-465D-9F5A-9BCBDD92E631} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2009-11-17] (ASUSTek Computer Inc.)
Task: {58DCF5A0-E5B7-4127-927C-4931C8301403} - System32\Tasks\At34 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5C5D2567-3A0C-4AD5-A29F-092A7B97A891} - System32\Tasks\At44 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5DFA52A2-0B67-4525-99E0-D640DA79A4C9} - System32\Tasks\At1 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5F524282-6D49-4E8A-8BC3-483F5D5A2459} - System32\Tasks\At28 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5F9E08B1-43A3-4282-A17A-FA680C12A079} - System32\Tasks\At8 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6376A557-3B8F-4EA4-96D8-3DBEE0B9A3FF} - System32\Tasks\At40 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {64E5C6BA-9355-4651-A856-40BC9BBD4416} - System32\Tasks\At35 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6532A6B4-757D-4B40-AAB7-F8063A232C0A} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {68081B1E-3D94-4A21-BC51-566D938B811E} - System32\Tasks\At45 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {68A07868-C00B-4403-A8BC-415AD0990CBF} - System32\Tasks\At41 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6E7442EE-0BAC-4F82-B5EA-D8EA374BD1FF} - System32\Tasks\At39 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6EE03B75-A6CD-44DF-A030-F5CE449B0489} - System32\Tasks\At20 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {71EBAB05-36AB-46E0-A723-8A4AFE080A01} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {7EBF90D4-B334-4DB7-8B0E-42295ACF05EE} - System32\Tasks\{19FEE98D-D83C-4598-9466-600054E329A2} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar
Task: {8A42BC69-77CF-4D7D-9CEB-761F51443D02} - System32\Tasks\At4 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {98BFDE1F-8383-4E26-9BF7-52D3C5607033} - System32\Tasks\At47 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {9FCF0CF0-3A68-45F0-B8AA-0CF6A5A0E33F} - System32\Tasks\At43 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {A594F16C-8E5F-4AB3-B79B-03F38AEF85A1} - System32\Tasks\At42 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {A5C7D1BE-9D76-4C4D-9A2E-D05C74D9AD2E} - System32\Tasks\At11 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {A5D034DC-BCCA-4559-AF54-016479CE3876} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {AF1D11F7-284B-4EEF-AA53-81921779EDB5} - System32\Tasks\At17 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {B114995E-A5F5-4536-BF17-696D2912195C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {B2E66392-9BA6-49BE-A366-116589599F2D} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-05] (ATK)
Task: {B426ED23-991E-4114-921A-CFC099B0CE32} - System32\Tasks\At26 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {B4DB6E0C-350F-4130-A732-733F3ABD19BD} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {B6F873B1-4668-46D6-B261-3A7DFFB72BAB} - System32\Tasks\At12 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {BC27576A-F488-4853-B757-6A8E7E9123B9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C3B62085-7836-46E0-8A14-C0059EE454BD} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {C41FD112-5424-4FF2-8F4B-E0B9546C094B} - System32\Tasks\At37 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {C44965DB-FB60-4AA1-A5E3-673B8550A5EF} - System32\Tasks\At32 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {C597DEAC-444E-45DE-B860-65430DF61DDC} - System32\Tasks\At5 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CAC3A799-2951-43AD-9757-42F180D95FD7} - System32\Tasks\At38 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CB9698B5-E5CA-49BE-93B7-F1F7AD1FEEAB} - System32\Tasks\At6 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CDFD6661-A2DF-49DD-BF33-88214D7132AB} - System32\Tasks\At24 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {D0D65AE3-6534-42B9-AD6A-09C8535BAC96} - System32\Tasks\{4E20000B-CE8A-4509-9108-CC28812A9797} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {D689F337-1E11-4CB3-A117-B1A804C7F1FF} - System32\Tasks\At30 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {D9A39236-24CC-45FD-BFC5-C0C9BC482421} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {DD92A53B-00C2-45B0-9684-A719EB3EBC34} - System32\Tasks\At10 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {ED03EC02-C86B-4B57-BEB9-7D186A88E85A} - System32\Tasks\At15 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {EF67B6D0-F5CF-49B0-8D5D-653CEB248D5B} - System32\Tasks\{136DCF48-1405-40A1-9591-D379BF2CAF90} => pcalua.exe -a "C:\Program Files (x86)\SilkroadOnline_GlobalOfficial_v1_403.exe" -d "C:\Program Files (x86)"
Task: {F5149501-547D-4158-A6D2-EC4796C7AFAC} - System32\Tasks\At14 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {F82ADA5E-9649-48EC-83C4-71CD6DD3FEEF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {FCBC4A96-C28D-49C3-8F3C-CCE1224306D2} - System32\Tasks\At16 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => ?
Task: C:\Windows\Tasks\At10.job => ?
Task: C:\Windows\Tasks\At11.job => ?
Task: C:\Windows\Tasks\At12.job => ?
Task: C:\Windows\Tasks\At13.job => ?
Task: C:\Windows\Tasks\At14.job => ?
Task: C:\Windows\Tasks\At15.job => ?
Task: C:\Windows\Tasks\At16.job => ?
Task: C:\Windows\Tasks\At17.job => ?
Task: C:\Windows\Tasks\At18.job => ?
Task: C:\Windows\Tasks\At19.job => ?
Task: C:\Windows\Tasks\At2.job => ?
Task: C:\Windows\Tasks\At20.job => ?
Task: C:\Windows\Tasks\At21.job => ?
Task: C:\Windows\Tasks\At22.job => ?
Task: C:\Windows\Tasks\At23.job => ?
Task: C:\Windows\Tasks\At24.job => ?
Task: C:\Windows\Tasks\At25.job => ?
Task: C:\Windows\Tasks\At26.job => ?
Task: C:\Windows\Tasks\At27.job => ?
Task: C:\Windows\Tasks\At28.job => ?
Task: C:\Windows\Tasks\At29.job => ?
Task: C:\Windows\Tasks\At3.job => ?
Task: C:\Windows\Tasks\At30.job => ?
Task: C:\Windows\Tasks\At31.job => ?
Task: C:\Windows\Tasks\At32.job => ?
Task: C:\Windows\Tasks\At33.job => ?
Task: C:\Windows\Tasks\At34.job => ?
Task: C:\Windows\Tasks\At35.job => ?
Task: C:\Windows\Tasks\At36.job => ?
Task: C:\Windows\Tasks\At37.job => ?
Task: C:\Windows\Tasks\At38.job => ?
Task: C:\Windows\Tasks\At39.job => ?
Task: C:\Windows\Tasks\At4.job => ?
Task: C:\Windows\Tasks\At40.job => ?
Task: C:\Windows\Tasks\At41.job => ?
Task: C:\Windows\Tasks\At42.job => ?
Task: C:\Windows\Tasks\At43.job => ?
Task: C:\Windows\Tasks\At44.job => ?
Task: C:\Windows\Tasks\At45.job => ?
Task: C:\Windows\Tasks\At46.job => ?
Task: C:\Windows\Tasks\At47.job => ?
Task: C:\Windows\Tasks\At48.job => ?
Task: C:\Windows\Tasks\At5.job => ?
Task: C:\Windows\Tasks\At6.job => ?
Task: C:\Windows\Tasks\At7.job => ?
Task: C:\Windows\Tasks\At8.job => ?
Task: C:\Windows\Tasks\At9.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-10 05:37 - 2013-09-07 21:27 - 00327168 _____ () C:\Windows\system32\mswsock.dll
2010-06-14 21:46 - 2007-08-08 02:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2010-02-23 14:03 - 2010-02-23 14:03 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll
2014-12-31 19:29 - 2014-12-31 16:27 - 00087208 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2010-01-04 19:43 - 2010-01-04 19:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2009-11-24 15:45 - 2009-11-24 15:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2008-10-01 01:02 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-12-23 15:12 - 2009-12-23 15:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-18 21:11 - 2009-12-18 21:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-06-14 21:46 - 2007-03-09 20:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2010-06-14 21:53 - 2007-11-30 13:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2007-06-15 12:28 - 2007-06-15 12:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 18:52 - 2007-06-01 18:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-02 14:06 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2008-08-13 22:59 - 2008-08-13 22:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2010-06-14 21:44 - 2009-05-07 03:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-06-14 21:44 - 2009-05-07 03:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-06-14 21:44 - 2008-01-18 01:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-06-14 21:44 - 2009-09-15 22:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-12-31 19:29 - 2015-01-01 02:37 - 39577256 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2010-12-16 19:57 - 2010-12-16 19:57 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll
2009-11-02 16:20 - 2009-11-02 16:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 16:23 - 2009-11-02 16:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-12-31 19:29 - 2014-12-30 11:17 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2014-12-31 19:29 - 2014-12-30 11:17 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2014-12-31 19:29 - 2014-12-30 11:17 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2014-12-31 19:29 - 2014-12-15 21:02 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2009-09-23 13:07 - 2009-09-23 13:07 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2007-06-15 12:28 - 2007-06-15 12:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 19:08 - 2007-06-01 19:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 01077064 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 00211272 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 09009480 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 01677128 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: avPYOWQgOag.exe => C:\ProgramData\avPYOWQgOag.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: F.lux => "C:\Users\Ryan\Local Settings\Apps\F.lux\flux.exe" /noshow
MSCONFIG\startupreg: forfsync => rundll32 "C:\ProgramData\odbcHost64.dll",CreateProcessNotify
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: UfSeAgnt.exe => "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1451728270-2969058520-848758415-500 - Administrator - Disabled)
Guest (S-1-5-21-1451728270-2969058520-848758415-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1451728270-2969058520-848758415-1002 - Limited - Enabled)
Ryan (S-1-5-21-1451728270-2969058520-848758415-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2015 11:39:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (01/08/2015 11:39:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
System errors:
=============
Error: (01/08/2015 11:45:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (01/08/2015 11:43:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (01/08/2015 11:43:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (01/08/2015 11:43:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (01/08/2015 11:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Net.Tcp Port Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/08/2015 11:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Net.Tcp Listener Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/08/2015 11:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Net.Pipe Listener Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/08/2015 11:40:26 PM) (Source: WAS) (EventID: 5175) (User: )
Description: The listener adapter serving the 'net.pipe' protocol disconnected unexpectedly.
 
Error: (01/08/2015 11:40:25 PM) (Source: WAS) (EventID: 5175) (User: )
Description: The listener adapter serving the 'net.tcp' protocol disconnected unexpectedly.
 
Error: (01/08/2015 11:40:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/08/2015 11:39:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (01/08/2015 11:39:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 67%
Total physical RAM: 4061.09 MB
Available physical RAM: 1300.08 MB
Total Pagefile: 8120.35 MB
Available Pagefile: 5008.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:196.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=446.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 fireman4it

  • Malware Response Team

Posted 09 January 2015 - 12:29 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (59.91KB)

 

 

Let me know how the machine is running now?


Edited by fireman4it, 09 January 2015 - 12:34 AM.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#6 GuyGun

  • Topic Starter

Posted 09 January 2015 - 01:18 AM

   Hello, I don't know if you received my PM or not, but after I ran the fix (the first one) and restarted, my computer failed to boot. Windows went into some system recovery and I believe went back to a previous restore point. Anyways, my computer feels the same, CPU usage still high and same symptoms. Do you want me to run the updated fixlist? Thanks for any help.



#7 fireman4it

  • Malware Response Team

Posted 09 January 2015 - 01:44 AM

Yes, use the updated list.




#8 GuyGun

  • Topic Starter

Posted 09 January 2015 - 02:51 AM

Hello, after using the updated fixlist and restarting, my computer failed to boot again. Windows used a restore point to fix it. I don't know if the fixlog is beneficial at this point, but I'll post it below anyway.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Ryan at 2015-01-09 01:55:47 Run:2
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [Ryuvkcjkhoi] => C:\Windows\system32\regsvr32.exe /s "C:\Windows\TEMP\lcclokw.dll"
C:\Windows\TEMP\lcclokw.dll
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {0d0036b2-558f-11e0-83a1-485b398dea3c} - D:\setup.exe -a
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {b7da57dd-9b60-11e3-9182-485b398dea3c} - F:\VZW_Software_upgrade_assistant.exe
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
Toolbar: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
FF Extension: uTorrentControl_v2  - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013-09-14]
FF Extension: TopLine - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi [2012-07-15]
FF Extension: turkopticon - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{68d0652a-86ef-4c6a-89f4-808652357b2c}.xpi [2012-07-04]
FF Extension: Greasemonkey - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-24]
cmd: netsh winsock reset
CHR Extension: (unIISaleus) - C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej\ [2013-08-23]
CHR Extension: (unisaaeles) - C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh\ [2013-08-23]
C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] ()
R3 WinHttpAutoProxySvc; winhttp.dll [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
NETSVC: incdfs -> C:\Windows\system32\mcvsrte.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
C:\Windows\system32\mcvsrte.dll
2014-12-31 02:59 - 2014-12-31 04:12 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E09.HDTV.x264-LOL[ettv]
2014-12-31 02:57 - 2014-12-31 02:57 - 00016204 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e09.hdtv.x264.lol.ettv.torrent
2014-12-31 01:21 - 2014-12-31 01:41 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E08 HDTV XviD-FUM[ettv]
2014-12-31 01:21 - 2014-12-31 01:21 - 00028745 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e08.hdtv.xvid.fum.ettv.torrent
2014-12-30 00:13 - 2014-12-30 00:34 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E07.HDTV.x264-LOL[ettv]
2014-12-30 00:12 - 2014-12-30 00:12 - 00017250 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e07.hdtv.x264.lol.ettv.torrent
2014-12-29 21:37 - 2014-12-29 21:47 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E06.HDTV.x264-LOL[ettv]
2014-12-29 21:36 - 2014-12-29 21:36 - 00016954 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e06.hdtv.x264.lol.ettv.torrent
2014-12-29 15:06 - 2014-12-29 15:15 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E05 HDTV x264-LOL[ettv]
2014-12-29 15:05 - 2014-12-29 15:05 - 00016204 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e05.hdtv.x264.lol.ettv.torrent
2014-12-28 01:11 - 2014-12-29 00:19 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E04 HDTV x264-LOL[ettv]
2014-12-28 01:11 - 2014-12-28 01:11 - 00015498 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e04.hdtv.x264.lol.ettv.torrent
2014-12-27 23:47 - 2014-12-28 00:41 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E03 HDTV x264-LOL[ettv]
2014-12-27 23:46 - 2014-12-27 23:46 - 00016615 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e03.hdtv.x264.lol.ettv.torrent
2014-12-27 01:49 - 2014-12-27 01:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E02 HDTV x264-LOL[ettv]
2014-12-27 01:48 - 2014-12-27 01:48 - 00018398 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e02.hdtv.x264.lol.ettv.torrent
2014-12-27 01:48 - 2014-12-27 01:48 - 00000000 ____D () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2015-01-01 03:42 - 00000000 ____D () C:\Program Files (x86)\YOeutuubeuAdBluoocke
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:45 - 2014-12-27 01:45 - 00000000 ____D () C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
2014-12-16 23:22 - 2014-12-17 00:34 - 00000000 ____D () C:\Users\Ryan\Downloads\The Walking Dead S5 1-8
2014-12-16 23:20 - 2014-12-16 23:20 - 00018206 _____ () C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.s5.1.8.torrent
2014-12-16 22:54 - 2014-12-16 22:55 - 00013573 _____ () C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.season.5.first.8.episodes.with.subtitles.torrent
2015-01-08 20:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At42.job
2015-01-08 20:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At41.job
2015-01-08 19:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At40.job
2015-01-08 19:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At39.job
2015-01-08 18:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At38.job
2015-01-08 18:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At37.job
2015-01-08 17:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At36.job
2015-01-08 17:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At35.job
2015-01-08 16:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At34.job
2015-01-08 16:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At33.job
2015-01-08 15:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At32.job
2015-01-08 15:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At31.job
2015-01-08 14:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At30.job
2015-01-08 14:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At29.job
2015-01-08 13:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At28.job
2015-01-08 13:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At27.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At8.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At26.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At24.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At22.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At20.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At18.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At16.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At14.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At12.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At10.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At9.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At7.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At25.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At23.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At21.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At19.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At17.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At15.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At13.job
2015-01-08 12:55 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At11.job
2015-01-08 02:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At6.job
2015-01-08 02:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At5.job
2015-01-08 01:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At4.job
2015-01-08 01:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At3.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At48.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At46.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At44.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At2.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At47.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At45.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At43.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At1.job
C:\Windows\System32\consrv.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\ProgramData\O4Ol0Glu.dat
C:\ProgramData\odbcHost64.dll
EmptyTemp:
C:\Users\Ryan\AppData\Local\Temp\evM8HC46D5uSdw89.dll
C:\Users\Ryan\AppData\Local\Temp\F32Um5rksk3967sz.dll
C:\Users\Ryan\AppData\Local\Temp\FDQxtClPxIxc461s.dll
C:\Users\Ryan\AppData\Local\Temp\fm8O5335kwQG5aB5.dll
C:\Users\Ryan\AppData\Local\Temp\gfjUSb8lUbInQ1O7.dll
C:\Users\Ryan\AppData\Local\Temp\gMm5j6a9etfi2a9E.dll
C:\Users\Ryan\AppData\Local\Temp\gN8g86dF55OU1ctP.dll
C:\Users\Ryan\AppData\Local\Temp\GtQ77y8e3qV43n34.dll
C:\Users\Ryan\AppData\Local\Temp\H311Q6sC2UH23R06.dll
C:\Users\Ryan\AppData\Local\Temp\H9M30S6y4g2l7YoL.dll
C:\Users\Ryan\AppData\Local\Temp\hHk6U6x2cWD5b7nl.dll
C:\Users\Ryan\AppData\Local\Temp\HWIqy7644kVcIF7U.dll
C:\Users\Ryan\AppData\Local\Temp\hxkPLy6dli6wrJOC.dll
C:\Users\Ryan\AppData\Local\Temp\I11coWvf06JQt2hG.dll
C:\Users\Ryan\AppData\Local\Temp\i2Y6HRwBcZT43D8W.dll
C:\Users\Ryan\AppData\Local\Temp\i3FmRQg1KcLr63D8.dll
C:\Users\Ryan\AppData\Local\Temp\i82IUWw981xzqJ88.dll
C:\Users\Ryan\AppData\Local\Temp\iZ77KcWerqcYhH3i.dll
C:\Users\Ryan\AppData\Local\Temp\Jl8A2YsAwxSrZB1k.dll
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
C:\Users\Ryan\AppData\Local\Temp\swt-win32-3740.dll
DeleteJunctionsIndirectory: C:\Windows\system64
R2 incdfs; C:\Windows\system32\mcvsrte.dll [6656 2009-07-13] (Oak Technology Inc.) [File not signed]
Task: {00217407-F410-4FCF-A5F6-19CA22A8769D} - System32\Tasks\At18 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {054E76ED-F598-42BF-81BA-2AF38518942C} - System32\Tasks\At22 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {0B832A70-8997-4A07-9812-41604DAF45F4} - System32\Tasks\At33 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {0F256C72-B130-4B26-BE66-12310EFFD98D} - System32\Tasks\At25 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {10B0FC57-B1E5-49B8-BB20-1615D49752AF} - System32\Tasks\At23 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {11B5D21A-E56A-4C54-A122-F442816840E9} - System32\Tasks\At36 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {25DFC395-5FEB-4ADB-8B2C-AB1BBD2ADEF5} - System32\Tasks\At21 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {2650FF7A-3CE9-47C0-A51D-A02514A6C2E0} - System32\Tasks\At27 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {29650289-3C8D-4F8B-B328-85B668E3904A} - System32\Tasks\At48 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {34C3BA6F-8BB5-44B7-82DA-DA3119A40AF7} - System32\Tasks\At9 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {38ED3C4B-9644-4E42-98DB-10BCFA1C48FA} - System32\Tasks\At7 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {3AEF73E7-63A3-40DC-8B93-BE77599C0F7B} - System32\Tasks\At19 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {4494368B-7030-4309-827D-5B0BB5D384C7} - System32\Tasks\At2 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {44982330-D4C7-4F7F-968A-ECD114AB8DD3} - System32\Tasks\At29 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {498E3DE2-EB7E-4C06-B072-E762A6439BDC} - System32\Tasks\At31 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {4B6B73AF-4476-4EDD-8008-A9BE499A5763} - System32\Tasks\At46 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {539AB19B-C222-496C-ADBE-9F0B2D8EA235} - System32\Tasks\At13 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {54D84887-9747-4056-821E-C9AFD3E3FFDB} - System32\Tasks\At3 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {58DCF5A0-E5B7-4127-927C-4931C8301403} - System32\Tasks\At34 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5C5D2567-3A0C-4AD5-A29F-092A7B97A891} - System32\Tasks\At44 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5DFA52A2-0B67-4525-99E0-D640DA79A4C9} - System32\Tasks\At1 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5F524282-6D49-4E8A-8BC3-483F5D5A2459} - System32\Tasks\At28 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5F9E08B1-43A3-4282-A17A-FA680C12A079} - System32\Tasks\At8 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6376A557-3B8F-4EA4-96D8-3DBEE0B9A3FF} - System32\Tasks\At40 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {64E5C6BA-9355-4651-A856-40BC9BBD4416} - System32\Tasks\At35 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {68081B1E-3D94-4A21-BC51-566D938B811E} - System32\Tasks\At45 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {68A07868-C00B-4403-A8BC-415AD0990CBF} - System32\Tasks\At41 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6E7442EE-0BAC-4F82-B5EA-D8EA374BD1FF} - System32\Tasks\At39 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6EE03B75-A6CD-44DF-A030-F5CE449B0489} - System32\Tasks\At20 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {8A42BC69-77CF-4D7D-9CEB-761F51443D02} - System32\Tasks\At4 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {98BFDE1F-8383-4E26-9BF7-52D3C5607033} - System32\Tasks\At47 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {9FCF0CF0-3A68-45F0-B8AA-0CF6A5A0E33F} - System32\Tasks\At43 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {A594F16C-8E5F-4AB3-B79B-03F38AEF85A1} - System32\Tasks\At42 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {A5C7D1BE-9D76-4C4D-9A2E-D05C74D9AD2E} - System32\Tasks\At11 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {AF1D11F7-284B-4EEF-AA53-81921779EDB5} - System32\Tasks\At17 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {B426ED23-991E-4114-921A-CFC099B0CE32} - System32\Tasks\At26 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {B6F873B1-4668-46D6-B261-3A7DFFB72BAB} - System32\Tasks\At12 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {C41FD112-5424-4FF2-8F4B-E0B9546C094B} - System32\Tasks\At37 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {C44965DB-FB60-4AA1-A5E3-673B8550A5EF} - System32\Tasks\At32 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {C597DEAC-444E-45DE-B860-65430DF61DDC} - System32\Tasks\At5 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CAC3A799-2951-43AD-9757-42F180D95FD7} - System32\Tasks\At38 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CB9698B5-E5CA-49BE-93B7-F1F7AD1FEEAB} - System32\Tasks\At6 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CDFD6661-A2DF-49DD-BF33-88214D7132AB} - System32\Tasks\At24 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {D689F337-1E11-4CB3-A117-B1A804C7F1FF} - System32\Tasks\At30 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {DD92A53B-00C2-45B0-9684-A719EB3EBC34} - System32\Tasks\At10 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {ED03EC02-C86B-4B57-BEB9-7D186A88E85A} - System32\Tasks\At15 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {F5149501-547D-4158-A6D2-EC4796C7AFAC} - System32\Tasks\At14 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {FCBC4A96-C28D-49C3-8F3C-CCE1224306D2} - System32\Tasks\At16 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => ?
Task: C:\Windows\Tasks\At10.job => ?
Task: C:\Windows\Tasks\At11.job => ?
Task: C:\Windows\Tasks\At12.job => ?
Task: C:\Windows\Tasks\At13.job => ?
Task: C:\Windows\Tasks\At14.job => ?
Task: C:\Windows\Tasks\At15.job => ?
Task: C:\Windows\Tasks\At16.job => ?
Task: C:\Windows\Tasks\At17.job => ?
Task: C:\Windows\Tasks\At18.job => ?
Task: C:\Windows\Tasks\At19.job => ?
Task: C:\Windows\Tasks\At2.job => ?
Task: C:\Windows\Tasks\At20.job => ?
Task: C:\Windows\Tasks\At21.job => ?
Task: C:\Windows\Tasks\At22.job => ?
Task: C:\Windows\Tasks\At23.job => ?
Task: C:\Windows\Tasks\At24.job => ?
Task: C:\Windows\Tasks\At25.job => ?
Task: C:\Windows\Tasks\At26.job => ?
Task: C:\Windows\Tasks\At27.job => ?
Task: C:\Windows\Tasks\At28.job => ?
Task: C:\Windows\Tasks\At29.job => ?
Task: C:\Windows\Tasks\At3.job => ?
Task: C:\Windows\Tasks\At30.job => ?
Task: C:\Windows\Tasks\At31.job => ?
Task: C:\Windows\Tasks\At32.job => ?
Task: C:\Windows\Tasks\At33.job => ?
Task: C:\Windows\Tasks\At34.job => ?
Task: C:\Windows\Tasks\At35.job => ?
Task: C:\Windows\Tasks\At36.job => ?
Task: C:\Windows\Tasks\At37.job => ?
Task: C:\Windows\Tasks\At38.job => ?
Task: C:\Windows\Tasks\At39.job => ?
Task: C:\Windows\Tasks\At4.job => ?
Task: C:\Windows\Tasks\At40.job => ?
Task: C:\Windows\Tasks\At41.job => ?
Task: C:\Windows\Tasks\At42.job => ?
Task: C:\Windows\Tasks\At43.job => ?
Task: C:\Windows\Tasks\At44.job => ?
Task: C:\Windows\Tasks\At45.job => ?
Task: C:\Windows\Tasks\At46.job => ?
Task: C:\Windows\Tasks\At47.job => ?
Task: C:\Windows\Tasks\At48.job => ?
Task: C:\Windows\Tasks\At5.job => ?
Task: C:\Windows\Tasks\At6.job => ?
Task: C:\Windows\Tasks\At7.job => ?
Task: C:\Windows\Tasks\At8.job => ?
Task: C:\Windows\Tasks\At9.job => ?
C:\ProgramData\avPYOWQgOag.exe

*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ryuvkcjkhoi => value deleted successfully.
"C:\Windows\TEMP\lcclokw.dll" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TaskTray => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1451728270-2969058520-848758415-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d0036b2-558f-11e0-83a1-485b398dea3c}" => Key deleted successfully.
HKCR\CLSID\{0d0036b2-558f-11e0-83a1-485b398dea3c} => Key not found. 
"HKU\S-1-5-21-1451728270-2969058520-848758415-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7da57dd-9b60-11e3-9182-485b398dea3c}" => Key deleted successfully.
HKCR\CLSID\{b7da57dd-9b60-11e3-9182-485b398dea3c} => Key not found. 
HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\\Windows => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKU\S-1-5-21-1451728270-2969058520-848758415-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}" => Key deleted successfully.
HKCR\CLSID\{180780f0-b348-4b44-8210-94a8f3ee15b2} => Key not found. 
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AEA3991E-3109-4C98-989E-33994FEB1A91}" => Key deleted successfully.
"HKCR\CLSID\{AEA3991E-3109-4C98-989E-33994FEB1A91}" => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} not found.
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi not found.
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{68d0652a-86ef-4c6a-89f4-808652357b2c}.xpi not found.
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi not found.
 
=========  netsh winsock reset =========
 
'netsh' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej\ => Moved successfully.
C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh\ => Moved successfully.
"C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej" => File/Directory not found.
"C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh" => File/Directory not found.
Verifies and fixes application compatibility issues => Unable to stop service
Verifies and fixes application compatibility issues => Service deleted successfully.
WinHttpAutoProxySvc => Service deleted successfully.
EagleX64 => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
X6va022 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs incdfs => Deleted successfully.
C:\Windows\system32\mcvsrte.dll => Moved successfully.
C:\Users\Ryan\Downloads\Supernatural.S10E09.HDTV.x264-LOL[ettv] => Moved successfully.
"C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e09.hdtv.x264.lol.ettv.torrent" => File/Directory not found.
"C:\Users\Ryan\Downloads\Supernatural S10E08 HDTV XviD-FUM[ettv]" => File/Directory not found.
"C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e08.hdtv.xvid.fum.ettv.torrent" => File/Directory not found.
C:\Users\Ryan\Downloads\Supernatural.S10E07.HDTV.x264-LOL[ettv] => Moved successfully.
"C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e07.hdtv.x264.lol.ettv.torrent" => File/Directory not found.
C:\Users\Ryan\Downloads\Supernatural.S10E06.HDTV.x264-LOL[ettv] => Moved successfully.
"C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e06.hdtv.x264.lol.ettv.torrent" => File/Directory not found.
"C:\Users\Ryan\Downloads\Supernatural S10E05 HDTV x264-LOL[ettv]" => File/Directory not found.
"C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e05.hdtv.x264.lol.ettv.torrent" => File/Directory not found.
"C:\Users\Ryan\Downloads\Supernatural S10E04 HDTV x264-LOL[ettv]" => File/Directory not found.
"C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e04.hdtv.x264.lol.ettv.torrent" => File/Directory not found.
"C:\Users\Ryan\Downloads\Supernatural S10E03 HDTV x264-LOL[ettv]" => File/Directory not found.
"C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e03.hdtv.x264.lol.ettv.torrent" => File/Directory not found.
"C:\Users\Ryan\Downloads\Supernatural S10E02 HDTV x264-LOL[ettv]" => File/Directory not found.
"C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e02.hdtv.x264.lol.ettv.torrent" => File/Directory not found.
C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54 => Moved successfully.
"C:\Program Files (x86)\YOeutuubeuAdBluoocke" => File/Directory not found.
"C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh" => File/Directory not found.
C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54 => Moved successfully.
"C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej" => File/Directory not found.
"C:\Users\Ryan\Downloads\The Walking Dead S5 1-8" => File/Directory not found.
"C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.s5.1.8.torrent" => File/Directory not found.
"C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.season.5.first.8.episodes.with.subtitles.torrent" => File/Directory not found.
C:\Windows\Tasks\At42.job => Moved successfully.
C:\Windows\Tasks\At41.job => Moved successfully.
C:\Windows\Tasks\At40.job => Moved successfully.
C:\Windows\Tasks\At39.job => Moved successfully.
C:\Windows\Tasks\At38.job => Moved successfully.
C:\Windows\Tasks\At37.job => Moved successfully.
C:\Windows\Tasks\At36.job => Moved successfully.
C:\Windows\Tasks\At35.job => Moved successfully.
C:\Windows\Tasks\At34.job => Moved successfully.
C:\Windows\Tasks\At33.job => Moved successfully.
C:\Windows\Tasks\At32.job => Moved successfully.
C:\Windows\Tasks\At31.job => Moved successfully.
C:\Windows\Tasks\At30.job => Moved successfully.
C:\Windows\Tasks\At29.job => Moved successfully.
C:\Windows\Tasks\At28.job => Moved successfully.
C:\Windows\Tasks\At27.job => Moved successfully.
C:\Windows\Tasks\At8.job => Moved successfully.
C:\Windows\Tasks\At26.job => Moved successfully.
C:\Windows\Tasks\At24.job => Moved successfully.
C:\Windows\Tasks\At22.job => Moved successfully.
C:\Windows\Tasks\At20.job => Moved successfully.
C:\Windows\Tasks\At18.job => Moved successfully.
C:\Windows\Tasks\At16.job => Moved successfully.
C:\Windows\Tasks\At14.job => Moved successfully.
C:\Windows\Tasks\At12.job => Moved successfully.
C:\Windows\Tasks\At10.job => Moved successfully.
C:\Windows\Tasks\At9.job => Moved successfully.
C:\Windows\Tasks\At7.job => Moved successfully.
C:\Windows\Tasks\At25.job => Moved successfully.
C:\Windows\Tasks\At23.job => Moved successfully.
C:\Windows\Tasks\At21.job => Moved successfully.
C:\Windows\Tasks\At19.job => Moved successfully.
C:\Windows\Tasks\At17.job => Moved successfully.
C:\Windows\Tasks\At15.job => Moved successfully.
C:\Windows\Tasks\At13.job => Moved successfully.
C:\Windows\Tasks\At11.job => Moved successfully.
C:\Windows\Tasks\At6.job => Moved successfully.
C:\Windows\Tasks\At5.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At48.job => Moved successfully.
C:\Windows\Tasks\At46.job => Moved successfully.
C:\Windows\Tasks\At44.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At47.job => Moved successfully.
C:\Windows\Tasks\At45.job => Moved successfully.
C:\Windows\Tasks\At43.job => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\System32\consrv.dll => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
"C:\ProgramData\O4Ol0Glu.dat" => File/Directory not found.
C:\ProgramData\odbcHost64.dll => Moved successfully.
"C:\Windows\Tasks\At1.job" => File/Directory not found.
"C:\Windows\Tasks\At10.job" => File/Directory not found.
"C:\Windows\Tasks\At11.job" => File/Directory not found.
"C:\Windows\Tasks\At12.job" => File/Directory not found.
"C:\Windows\Tasks\At13.job" => File/Directory not found.
"C:\Windows\Tasks\At14.job" => File/Directory not found.
"C:\Windows\Tasks\At15.job" => File/Directory not found.
"C:\Windows\Tasks\At16.job" => File/Directory not found.
"C:\Windows\Tasks\At17.job" => File/Directory not found.
"C:\Windows\Tasks\At18.job" => File/Directory not found.
"C:\Windows\Tasks\At19.job" => File/Directory not found.
"C:\Windows\Tasks\At2.job" => File/Directory not found.
"C:\Windows\Tasks\At20.job" => File/Directory not found.
"C:\Windows\Tasks\At21.job" => File/Directory not found.
"C:\Windows\Tasks\At22.job" => File/Directory not found.
"C:\Windows\Tasks\At23.job" => File/Directory not found.
"C:\Windows\Tasks\At24.job" => File/Directory not found.
"C:\Windows\Tasks\At25.job" => File/Directory not found.
"C:\Windows\Tasks\At26.job" => File/Directory not found.
"C:\Windows\Tasks\At27.job" => File/Directory not found.
"C:\Windows\Tasks\At28.job" => File/Directory not found.
"C:\Windows\Tasks\At29.job" => File/Directory not found.
"C:\Windows\Tasks\At3.job" => File/Directory not found.
"C:\Windows\Tasks\At30.job" => File/Directory not found.
"C:\Windows\Tasks\At31.job" => File/Directory not found.
"C:\Windows\Tasks\At32.job" => File/Directory not found.
"C:\Windows\Tasks\At33.job" => File/Directory not found.
"C:\Windows\Tasks\At34.job" => File/Directory not found.
"C:\Windows\Tasks\At35.job" => File/Directory not found.
"C:\Windows\Tasks\At36.job" => File/Directory not found.
"C:\Windows\Tasks\At37.job" => File/Directory not found.
"C:\Windows\Tasks\At38.job" => File/Directory not found.
"C:\Windows\Tasks\At39.job" => File/Directory not found.
"C:\Windows\Tasks\At4.job" => File/Directory not found.
"C:\Windows\Tasks\At40.job" => File/Directory not found.
"C:\Windows\Tasks\At41.job" => File/Directory not found.
"C:\Windows\Tasks\At42.job" => File/Directory not found.
"C:\Windows\Tasks\At43.job" => File/Directory not found.
"C:\Windows\Tasks\At44.job" => File/Directory not found.
"C:\Windows\Tasks\At45.job" => File/Directory not found.
"C:\Windows\Tasks\At46.job" => File/Directory not found.
"C:\Windows\Tasks\At47.job" => File/Directory not found.
"C:\Windows\Tasks\At48.job" => File/Directory not found.
"C:\Windows\Tasks\At5.job" => File/Directory not found.
"C:\Windows\Tasks\At6.job" => File/Directory not found.
"C:\Windows\Tasks\At7.job" => File/Directory not found.
"C:\Windows\Tasks\At8.job" => File/Directory not found.
"C:\Windows\Tasks\At9.job" => File/Directory not found.
C:\Users\Ryan\AppData\Local\Temp\AmqGbLKX8jRB8Prg.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\aN84P01nMY58137m.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\au8NdmwAt09Bk7Yl.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Az5N80klXl52pM27.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\B1uB9ojw2MZo6MBi.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\b3y7iN629pE3n8Vo.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\b40QKN5u86I3mh2S.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\b5C99r4b0GcH8J6p.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\bFfAs49A366DKVZo.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\BVC7Qw7M3LzN22gu.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\BxL26qf9Dl1U11r2.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\By3JxmaojNUE2T1u.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\C6uVAdho643h28za.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\C9oWXZraSjhGOV9i.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\CRs20A6uMGzmdGcv.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\D9726JHh3B587ORy.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\dv7NI0zdaxeI53E7.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\e3G7cVuqh7w28K6k.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\eesL2agMchLsDPeg.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\EI1i5LquL9O8YtOZ.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\El0RvWOX8D2q5sUf.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\evM8HC46D5uSdw89.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\F32Um5rksk3967sz.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\FDQxtClPxIxc461s.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\fm8O5335kwQG5aB5.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\gfjUSb8lUbInQ1O7.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\gMm5j6a9etfi2a9E.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\gN8g86dF55OU1ctP.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\GtQ77y8e3qV43n34.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\H311Q6sC2UH23R06.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\H9M30S6y4g2l7YoL.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\hHk6U6x2cWD5b7nl.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\HWIqy7644kVcIF7U.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\hxkPLy6dli6wrJOC.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\I11coWvf06JQt2hG.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\i2Y6HRwBcZT43D8W.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\i3FmRQg1KcLr63D8.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\i82IUWw981xzqJ88.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\iZ77KcWerqcYhH3i.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Jl8A2YsAwxSrZB1k.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jutoldQaY53B3t1C.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\k41V48P414u90gu8.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\kBR6bvY3Sh9P29fo.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Ke16ifOibDWMtFCE.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\KGG01P800Jo11xOQ.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\kGK3wv7vbC9i9BAc.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\LJTA48X97MFMp535.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\ll7Yh71MfRMr1YzC.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\M2s4Ezem7iSvjwRw.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\M3G0UBz44LsPn9JU.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\m45s9Daa1e2RC8pr.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\MA46v358zxrJs1Dd.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\MLeoCmOCt9sBA5g9.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Mmk2h5IrROVkW8yY.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\mv3b4NeRDWMUI361.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Mvy5As65gV23hL0q.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\N6ZD9uTkiDrt168L.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\nHq0Lk1cWd1dDsQX.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\OEL5rdM6s8mRP3zw.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\OJhPEUcXl3j50v48.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\oL7jNgrgFc1LaYsV.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\osSqUrbaypPsZS0y.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\P04nj0BuhQXY2V43.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\p0u40Fn39GiXR6Wg.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\pkz6Zu6g1tOpD5Rk.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\PPNPCk9L8go7UQcY.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\ppU28SU6UFcruh41.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\pz65cYI3z2cOsaTo.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\QH19pXMT664SEYSB.dll => Moved successfully.
"C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
C:\Users\Ryan\AppData\Local\Temp\qWL81EVrYA5lD852.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\R3JnVVfLO86ISHE8.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\R77M8829pTx75eCP.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\rBUE1Tsitj6fyyvF.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\rCXod24oH7CeO7EE.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\rp0rlDf619105OiO.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\RSRXUPbeHWZv6eZ4.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Sn5G6cIA98QC5Jb6.dll => Moved successfully.
"C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
C:\Users\Ryan\AppData\Local\Temp\ss5xN2bU3ChjmIke.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\SSOwXYg34Gu2Pa8o.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\T6Y0aSV4xFHVhMa3.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\T93rvl6g4I27oWeW.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\te8Hj2PSOElMdmi2.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\TEXsIaV5Irg3jOau.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Tf0OBF5u838eqe9l.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\tgSbhk0upiX7UE80.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\UBw9fb1Y1iZus5gL.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\uF7uqBxT66QzgxNV.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\uGQ8kKTF7ejb4N6R.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\uLNb6Pn2xQmG1mb6.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\uNhC382V8shIV665.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\UQE7L51ww11fvUs0.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\v0cQ2XcB0Tp5RE02.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Vh1dx0GUK2Ie8yn9.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\w2Y9yEBRQnBC3K3X.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\wieVi8Sg3WP3uaT9.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\wPW17GMuV8SXiQ59.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\X54qvSvm92pfPCuj.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\xcywH68sx4EOYuGc.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\xXT6PRoA2Yw7o8xB.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\y1PD668d59fYVMAT.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Y924QX9mi4BOBsPw.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\YD6y6lL7PmlrPp86.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Yn6091Hbp3j21fJ9.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\yPjj4Qa82218U6K1.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Yrw0D543Oe7LkA1F.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\YSu6zS5hb0TWjb04.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\yxmj785I5Y87070x.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\z6oqGz8ss0T1oP52.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\z7uBNhO8bO8JLAO0.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Z8HT5iOlKA45ahK0.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Zg4RNo6H3aW30e70.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\zI3vAR93SSYDpVwv.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Zm8z1QT0w5prvP01.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\ZndTk2p7pdorrG2P.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Zvw19O9o114iKITp.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\zZEmOwDH8E73eXp6.dll => Moved successfully.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.
incdfs => Service stopped successfully.
incdfs => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00217407-F410-4FCF-A5F6-19CA22A8769D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00217407-F410-4FCF-A5F6-19CA22A8769D}" => Key deleted successfully.
C:\Windows\System32\Tasks\At18 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{054E76ED-F598-42BF-81BA-2AF38518942C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{054E76ED-F598-42BF-81BA-2AF38518942C}" => Key deleted successfully.
C:\Windows\System32\Tasks\At22 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B832A70-8997-4A07-9812-41604DAF45F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B832A70-8997-4A07-9812-41604DAF45F4}" => Key deleted successfully.
C:\Windows\System32\Tasks\At33 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At33" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F256C72-B130-4B26-BE66-12310EFFD98D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F256C72-B130-4B26-BE66-12310EFFD98D}" => Key deleted successfully.
C:\Windows\System32\Tasks\At25 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At25" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10B0FC57-B1E5-49B8-BB20-1615D49752AF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10B0FC57-B1E5-49B8-BB20-1615D49752AF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At23 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11B5D21A-E56A-4C54-A122-F442816840E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11B5D21A-E56A-4C54-A122-F442816840E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At36 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25DFC395-5FEB-4ADB-8B2C-AB1BBD2ADEF5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25DFC395-5FEB-4ADB-8B2C-AB1BBD2ADEF5}" => Key deleted successfully.
C:\Windows\System32\Tasks\At21 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2650FF7A-3CE9-47C0-A51D-A02514A6C2E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2650FF7A-3CE9-47C0-A51D-A02514A6C2E0}" => Key deleted successfully.
C:\Windows\System32\Tasks\At27 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At27" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29650289-3C8D-4F8B-B328-85B668E3904A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29650289-3C8D-4F8B-B328-85B668E3904A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At48 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34C3BA6F-8BB5-44B7-82DA-DA3119A40AF7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C3BA6F-8BB5-44B7-82DA-DA3119A40AF7}" => Key deleted successfully.
C:\Windows\System32\Tasks\At9 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38ED3C4B-9644-4E42-98DB-10BCFA1C48FA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38ED3C4B-9644-4E42-98DB-10BCFA1C48FA}" => Key deleted successfully.
C:\Windows\System32\Tasks\At7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AEF73E7-63A3-40DC-8B93-BE77599C0F7B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AEF73E7-63A3-40DC-8B93-BE77599C0F7B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At19 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4494368B-7030-4309-827D-5B0BB5D384C7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4494368B-7030-4309-827D-5B0BB5D384C7}" => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44982330-D4C7-4F7F-968A-ECD114AB8DD3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44982330-D4C7-4F7F-968A-ECD114AB8DD3}" => Key deleted successfully.
C:\Windows\System32\Tasks\At29 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At29" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{498E3DE2-EB7E-4C06-B072-E762A6439BDC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{498E3DE2-EB7E-4C06-B072-E762A6439BDC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At31 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At31" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B6B73AF-4476-4EDD-8008-A9BE499A5763}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B6B73AF-4476-4EDD-8008-A9BE499A5763}" => Key deleted successfully.
C:\Windows\System32\Tasks\At46 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{539AB19B-C222-496C-ADBE-9F0B2D8EA235}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{539AB19B-C222-496C-ADBE-9F0B2D8EA235}" => Key deleted successfully.
C:\Windows\System32\Tasks\At13 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54D84887-9747-4056-821E-C9AFD3E3FFDB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54D84887-9747-4056-821E-C9AFD3E3FFDB}" => Key deleted successfully.
C:\Windows\System32\Tasks\At3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58DCF5A0-E5B7-4127-927C-4931C8301403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58DCF5A0-E5B7-4127-927C-4931C8301403}" => Key deleted successfully.
C:\Windows\System32\Tasks\At34 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C5D2567-3A0C-4AD5-A29F-092A7B97A891}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C5D2567-3A0C-4AD5-A29F-092A7B97A891}" => Key deleted successfully.
C:\Windows\System32\Tasks\At44 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DFA52A2-0B67-4525-99E0-D640DA79A4C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DFA52A2-0B67-4525-99E0-D640DA79A4C9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F524282-6D49-4E8A-8BC3-483F5D5A2459}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F524282-6D49-4E8A-8BC3-483F5D5A2459}" => Key deleted successfully.
C:\Windows\System32\Tasks\At28 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F9E08B1-43A3-4282-A17A-FA680C12A079}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F9E08B1-43A3-4282-A17A-FA680C12A079}" => Key deleted successfully.
C:\Windows\System32\Tasks\At8 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6376A557-3B8F-4EA4-96D8-3DBEE0B9A3FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6376A557-3B8F-4EA4-96D8-3DBEE0B9A3FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At40 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64E5C6BA-9355-4651-A856-40BC9BBD4416}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64E5C6BA-9355-4651-A856-40BC9BBD4416}" => Key deleted successfully.
C:\Windows\System32\Tasks\At35 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At35" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68081B1E-3D94-4A21-BC51-566D938B811E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68081B1E-3D94-4A21-BC51-566D938B811E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At45 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At45" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68A07868-C00B-4403-A8BC-415AD0990CBF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A07868-C00B-4403-A8BC-415AD0990CBF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At41 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E7442EE-0BAC-4F82-B5EA-D8EA374BD1FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E7442EE-0BAC-4F82-B5EA-D8EA374BD1FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At39 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At39" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EE03B75-A6CD-44DF-A030-F5CE449B0489}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EE03B75-A6CD-44DF-A030-F5CE449B0489}" => Key deleted successfully.
C:\Windows\System32\Tasks\At20 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A42BC69-77CF-4D7D-9CEB-761F51443D02}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A42BC69-77CF-4D7D-9CEB-761F51443D02}" => Key deleted successfully.
C:\Windows\System32\Tasks\At4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98BFDE1F-8383-4E26-9BF7-52D3C5607033}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98BFDE1F-8383-4E26-9BF7-52D3C5607033}" => Key deleted successfully.
C:\Windows\System32\Tasks\At47 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At47" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FCF0CF0-3A68-45F0-B8AA-0CF6A5A0E33F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FCF0CF0-3A68-45F0-B8AA-0CF6A5A0E33F}" => Key deleted successfully.
C:\Windows\System32\Tasks\At43 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At43" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A594F16C-8E5F-4AB3-B79B-03F38AEF85A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A594F16C-8E5F-4AB3-B79B-03F38AEF85A1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At42 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5C7D1BE-9D76-4C4D-9A2E-D05C74D9AD2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5C7D1BE-9D76-4C4D-9A2E-D05C74D9AD2E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF1D11F7-284B-4EEF-AA53-81921779EDB5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF1D11F7-284B-4EEF-AA53-81921779EDB5}" => Key deleted successfully.
C:\Windows\System32\Tasks\At17 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B426ED23-991E-4114-921A-CFC099B0CE32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B426ED23-991E-4114-921A-CFC099B0CE32}" => Key deleted successfully.
C:\Windows\System32\Tasks\At26 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6F873B1-4668-46D6-B261-3A7DFFB72BAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6F873B1-4668-46D6-B261-3A7DFFB72BAB}" => Key deleted successfully.
C:\Windows\System32\Tasks\At12 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C41FD112-5424-4FF2-8F4B-E0B9546C094B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C41FD112-5424-4FF2-8F4B-E0B9546C094B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At37 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At37" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C44965DB-FB60-4AA1-A5E3-673B8550A5EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C44965DB-FB60-4AA1-A5E3-673B8550A5EF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At32 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C597DEAC-444E-45DE-B860-65430DF61DDC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C597DEAC-444E-45DE-B860-65430DF61DDC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAC3A799-2951-43AD-9757-42F180D95FD7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAC3A799-2951-43AD-9757-42F180D95FD7}" => Key deleted successfully.
C:\Windows\System32\Tasks\At38 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB9698B5-E5CA-49BE-93B7-F1F7AD1FEEAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9698B5-E5CA-49BE-93B7-F1F7AD1FEEAB}" => Key deleted successfully.
C:\Windows\System32\Tasks\At6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDFD6661-A2DF-49DD-BF33-88214D7132AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDFD6661-A2DF-49DD-BF33-88214D7132AB}" => Key deleted successfully.
C:\Windows\System32\Tasks\At24 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D689F337-1E11-4CB3-A117-B1A804C7F1FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D689F337-1E11-4CB3-A117-B1A804C7F1FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At30 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD92A53B-00C2-45B0-9684-A719EB3EBC34}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD92A53B-00C2-45B0-9684-A719EB3EBC34}" => Key deleted successfully.
C:\Windows\System32\Tasks\At10 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED03EC02-C86B-4B57-BEB9-7D186A88E85A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED03EC02-C86B-4B57-BEB9-7D186A88E85A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At15 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5149501-547D-4158-A6D2-EC4796C7AFAC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5149501-547D-4158-A6D2-EC4796C7AFAC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At14 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCBC4A96-C28D-49C3-8F3C-CCE1224306D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCBC4A96-C28D-49C3-8F3C-CCE1224306D2}" => Key deleted successfully.
C:\Windows\System32\Tasks\At16 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16" => Key deleted successfully.
C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\At10.job not found.
C:\Windows\Tasks\At11.job not found.
C:\Windows\Tasks\At12.job not found.
C:\Windows\Tasks\At13.job not found.
C:\Windows\Tasks\At14.job not found.
C:\Windows\Tasks\At15.job not found.
C:\Windows\Tasks\At16.job not found.
C:\Windows\Tasks\At17.job not found.
C:\Windows\Tasks\At18.job not found.
C:\Windows\Tasks\At19.job not found.
C:\Windows\Tasks\At2.job not found.
C:\Windows\Tasks\At20.job not found.
C:\Windows\Tasks\At21.job not found.
C:\Windows\Tasks\At22.job not found.
C:\Windows\Tasks\At23.job not found.
C:\Windows\Tasks\At24.job not found.
C:\Windows\Tasks\At25.job not found.
C:\Windows\Tasks\At26.job not found.
C:\Windows\Tasks\At27.job not found.
C:\Windows\Tasks\At28.job not found.
C:\Windows\Tasks\At29.job not found.
C:\Windows\Tasks\At3.job not found.
C:\Windows\Tasks\At30.job not found.
C:\Windows\Tasks\At31.job not found.
C:\Windows\Tasks\At32.job not found.
C:\Windows\Tasks\At33.job not found.
C:\Windows\Tasks\At34.job not found.
C:\Windows\Tasks\At35.job not found.
C:\Windows\Tasks\At36.job not found.
C:\Windows\Tasks\At37.job not found.
C:\Windows\Tasks\At38.job not found.
C:\Windows\Tasks\At39.job not found.
C:\Windows\Tasks\At4.job not found.
C:\Windows\Tasks\At40.job not found.
C:\Windows\Tasks\At41.job not found.
C:\Windows\Tasks\At42.job not found.
C:\Windows\Tasks\At43.job not found.
C:\Windows\Tasks\At44.job not found.
C:\Windows\Tasks\At45.job not found.
C:\Windows\Tasks\At46.job not found.
C:\Windows\Tasks\At47.job not found.
C:\Windows\Tasks\At48.job not found.
C:\Windows\Tasks\At5.job not found.
C:\Windows\Tasks\At6.job not found.
C:\Windows\Tasks\At7.job not found.
C:\Windows\Tasks\At8.job not found.
C:\Windows\Tasks\At9.job not found.
"C:\ProgramData\avPYOWQgOag.exe" => File/Directory not found.
EmptyTemp: => Removed 645 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 02:00:14 ====


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 09 January 2015 - 08:33 AM

Please run FRST as you did the first time you ran it and post the FRST.txt.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 GuyGun

GuyGun
  • Topic Starter

  • Members

Posted 09 January 2015 - 09:52 AM

Hello, here is a new FRST.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Ryan (administrator) on RYAN-PC on 09-01-2015 09:43:38
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\010\duuwysugju32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\Temp\db21.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
() C:\Windows\Temp\db21.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [65309168 2012-10-11] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Ryuvkcjkhoi] => C:\Windows\system32\regsvr32.exe /s "C:\Windows\TEMP\lcclokw.dll"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2010-12-16] (AOL Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe [3303000 2011-11-17] (Akamai Technologies, Inc)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-25] (Google Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {0d0036b2-558f-11e0-83a1-485b398dea3c} - D:\setup.exe -a
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {b7da57dd-9b60-11e3-9182-485b398dea3c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate09072013
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://asus.msn.com
URLSearchHook: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B}: [NameServer] 4.2.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default
FF SelectedSearchEngine: uTorrentControl_v2 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN26823413642493690&UM=false&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @livecode.runrev.com/LiveCode Player;version=1 -> C:\Users\Ryan\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF Extension: MaskMe - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\idme@abine.com [2014-11-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-06]
FF HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (uTorrentControl_v2) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2015-01-09]
CHR Extension: (Xfinity) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-07-15]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Ryan\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
S2 CouponarificService64; C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
R2 duuwysugju32; C:\Program Files\010\duuwysugju32.exe [682992 2014-12-01] ()
R2 incdfs; C:\Windows\system32\mcvsrte.dll [6656 2009-07-13] (Oak Technology Inc.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859640 2010-02-23] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-24] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: incdfs -> C:\Windows\system32\mcvsrte.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 09:43 - 2015-01-09 09:46 - 00029460 _____ () C:\Users\Ryan\Desktop\FRST.txt
2015-01-09 09:43 - 2015-01-09 09:43 - 00000000 ____D () C:\Users\Ryan\Desktop\FRST-OlderVersion
2015-01-09 09:42 - 2015-01-09 09:42 - 00000000 ____D () C:\Users\Ryan\Desktop\olds
2015-01-09 01:06 - 2015-01-09 01:06 - 00000000 ____D () C:\Program Files\Couponarific
2015-01-08 23:52 - 2015-01-08 23:54 - 00000000 ____D () C:\Users\Ryan\Desktop\Backups
2015-01-08 23:34 - 2015-01-08 23:40 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:10 - 2015-01-08 22:10 - 00026536 _____ () C:\Users\Ryan\Desktop\dds.txt
2015-01-08 22:10 - 2015-01-08 22:10 - 00002831 _____ () C:\Users\Ryan\Desktop\attach.txt
2015-01-05 22:10 - 2015-01-09 09:43 - 00000000 ____D () C:\FRST
2015-01-05 22:08 - 2015-01-09 09:43 - 02124288 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2015-01-05 18:25 - 2015-01-05 18:25 - 00000000 ____D () C:\zoek_backup
2015-01-05 18:23 - 2015-01-05 18:23 - 01295360 _____ () C:\Users\Ryan\Desktop\zoek.exe
2015-01-05 16:44 - 2015-01-05 16:44 - 03514358 _____ () C:\Users\Ryan\Desktop\WVCheck.exe
2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\MGADiagToolOutput
2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-01-05 16:39 - 2015-01-05 16:39 - 02031992 _____ (Microsoft Corporation) C:\Users\Ryan\Desktop\MGADiag.exe
2015-01-05 16:37 - 2015-01-05 16:37 - 00025088 _____ () C:\Users\Ryan\Desktop\codecheck.exe
2015-01-05 16:19 - 2015-01-09 05:10 - 00000000 ____D () C:\Users\Ryan\Desktop\S
2015-01-05 15:27 - 2015-01-05 15:27 - 00468480 _____ () C:\Users\Ryan\Desktop\CKScanner.exe
2015-01-02 02:17 - 2015-01-02 02:17 - 00688992 ____R (Swearware) C:\Users\Ryan\Desktop\dds.scr
2015-01-01 19:55 - 2015-01-01 19:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online.exe
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-01-01 02:52 - 2015-01-01 14:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 02:51 - 2015-01-01 02:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 02:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 02:51 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-31 19:29 - 2015-01-09 02:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2014-12-31 19:29 - 2015-01-09 02:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-31 02:59 - 2015-01-09 05:11 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E09.HDTV.x264-LOL[ettv]
2014-12-30 00:13 - 2015-01-09 05:11 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E07.HDTV.x264-LOL[ettv]
2014-12-29 21:37 - 2015-01-09 05:11 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E06.HDTV.x264-LOL[ettv]
2014-12-27 01:48 - 2015-01-09 05:11 - 00000000 ____D () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2015-01-09 05:11 - 00000000 ____D () C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
2014-12-27 01:46 - 2015-01-09 05:11 - 00000000 ____D () C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2015-01-09 04:03 - 00000000 ____D () C:\ProgramData\5558131108867548629
2014-12-27 01:46 - 2015-01-09 04:03 - 00000000 ____D () C:\Program Files\010
2014-12-27 01:45 - 2015-01-09 05:11 - 00000000 ____D () C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
2014-12-14 23:33 - 2014-12-14 23:33 - 00883712 _____ () C:\Users\Ryan\Downloads\Chap020.ppt
2014-12-11 11:45 - 2014-12-11 11:45 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 09:42 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:42 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 09:38 - 2012-08-25 12:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At8.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At18.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At16.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At14.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At12.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At10.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At9.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At7.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At17.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At15.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At13.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At11.job
2015-01-09 09:38 - 2010-06-14 21:18 - 01477440 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 05:11 - 2014-07-10 01:57 - 00000000 ____D () C:\Users\DefaultAppPool
2015-01-09 05:11 - 2012-05-24 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-09 05:11 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-09 05:11 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-09 05:11 - 2010-06-14 21:53 - 00000000 ____D () C:\ProgramData\P4G
2015-01-09 05:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-09 05:08 - 2010-08-31 21:13 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Mozilla
2015-01-09 04:03 - 2012-12-03 20:56 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-01-09 04:03 - 2011-11-27 22:18 - 00000000 ____D () C:\ProgramData\PC Drivers HeadQuarters
2015-01-09 04:03 - 2011-11-27 22:16 - 00000000 ____D () C:\Program Files (x86)\PC Drivers HeadQuarters
2015-01-09 04:03 - 2011-08-17 09:22 - 00000000 ____D () C:\Program Files (x86)\Driver-Soft
2015-01-09 04:03 - 2011-04-24 23:20 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Toolbar
2015-01-09 03:15 - 2011-11-15 20:59 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Akamai
2015-01-09 02:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At6.job
2015-01-09 02:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At5.job
2015-01-09 02:22 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 02:22 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 02:13 - 2010-08-30 05:42 - 00000000 ____D () C:\Users\Ryan
2015-01-09 02:12 - 2012-12-29 14:09 - 00222568 _____ () C:\Windows\setupact.log
2015-01-09 02:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 01:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At4.job
2015-01-08 01:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At3.job
2015-01-08 01:33 - 2012-08-25 12:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At48.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At46.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At44.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At2.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At47.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At45.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At43.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At1.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At42.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At40.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At38.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At36.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At34.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At32.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At30.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At41.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At39.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At37.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At35.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At33.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At31.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At29.job
2015-01-07 13:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At28.job
2015-01-07 13:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At27.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At26.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At24.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At22.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At20.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At25.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At23.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At21.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At19.job
2015-01-01 14:41 - 2013-01-14 10:00 - 00277542 _____ () C:\Windows\PFRO.log
2015-01-01 14:40 - 2013-01-13 02:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\PMB Files
2015-01-01 14:19 - 2010-12-27 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2015-01-01 14:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-01 02:53 - 2012-09-05 20:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-01 02:52 - 2012-09-05 20:55 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
2015-01-01 02:51 - 2012-09-05 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 02:10 - 2010-06-14 21:53 - 00001254 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-31 03:54 - 2012-12-03 20:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\uTorrent
2014-12-14 23:33 - 2012-12-19 17:56 - 00308736 ___SH () C:\Users\Ryan\Downloads\Thumbs.db
2014-12-12 01:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 16:35 - 2012-08-25 12:23 - 00002362 _____ () C:\Users\Ryan\Desktop\Google Chrome.lnk
2014-12-11 11:54 - 2009-07-14 00:13 - 00866832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 11:49 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-11 11:47 - 2012-06-12 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 11:45 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 11:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 09:45 - 2011-04-24 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
ZeroAccess:
C:\Windows\System32\consrv.dll
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
C:\ProgramData\odbcHost64.dll
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
 
 
Some content of TEMP:
====================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-05 18:04
 
==================== End Of Log ============================


#11 fireman4it


Posted 09 January 2015 - 10:11 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Attached File  fixlist.txt   6.8KB   2 downloads


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#12 GuyGun


Posted 09 January 2015 - 10:38 AM

Hi, I ran the fixlist. This time it didn't prompt me to restart, so I don't know if it will boot properly or not. Below is Fixlog.txt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Ryan at 2015-01-09 10:34:52 Run:3
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [Ryuvkcjkhoi] => C:\Windows\system32\regsvr32.exe /s "C:\Windows\TEMP\lcclokw.dll"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
C:\Windows\System32\consrv.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
2014-12-27 01:46 - 2015-01-09 05:11 - 00000000 ____D () C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
2014-12-27 01:46 - 2015-01-09 05:11 - 00000000 ____D () C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2015-01-09 04:03 - 00000000 ____D () C:\ProgramData\5558131108867548629
2014-12-27 01:46 - 2015-01-09 04:03 - 00000000 ____D () C:\Program Files\010
2014-12-27 01:45 - 2015-01-09 05:11 - 00000000 ____D () C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
NETSVC: incdfs -> C:\Windows\system32\mcvsrte.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
R2 incdfs; C:\Windows\system32\mcvsrte.dll [6656 2009-07-13] (Oak Technology Inc.) [File not signed] 
C:\Windows\system32\mcvsrte.dll
S3 WinHttpAutoProxySvc; winhttp.dll [X]
R2 duuwysugju32; C:\Program Files\010\duuwysugju32.exe [682992 2014-12-01] ()
S2 CouponarificService64; C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
cmd: netsh winsock reset
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ryuvkcjkhoi => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKCR\PROTOCOLS\Filter\application/octet-stream" => Key deleted successfully.
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key Deleted successfully.
"HKCR\PROTOCOLS\Filter\application/x-complus" => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found. 
"HKCR\PROTOCOLS\Filter\application/x-msdownload" => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found. 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
C:\Windows\System32\consrv.dll => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh => Moved successfully.
C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54 => Moved successfully.
C:\ProgramData\5558131108867548629 => Moved successfully.
C:\Program Files\010 => Moved successfully.
C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs incdfs => Deleted successfully.
incdfs => Service stopped successfully.
incdfs => Service deleted successfully.
C:\Windows\system32\mcvsrte.dll => Moved successfully.
WinHttpAutoProxySvc => Service deleted successfully.
duuwysugju32 => Service stopped successfully.
duuwysugju32 => Service deleted successfully.
CouponarificService64 => Service deleted successfully.
Verifies and fixes application compatibility issues => Service stopped successfully.
Verifies and fixes application compatibility issues => Service deleted successfully.
EagleX64 => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
X6va022 => Service deleted successfully.
 
=========  netsh winsock reset =========
 
'netsh' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
==== End of Fixlog 10:34:55 ====


#13 fireman4it

  • Malware Response Team

Posted 09 January 2015 - 11:22 AM

Please post a new FRST.txt


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#14 GuyGun

  • Topic Starter

Posted 09 January 2015 - 12:11 PM

Hello, here is a new FRST.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Ryan (administrator) on RYAN-PC on 09-01-2015 12:08:33
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\Temp\db21.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
() C:\Windows\Temp\db21.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [65309168 2012-10-11] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2010-12-16] (AOL Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe [3303000 2011-11-17] (Akamai Technologies, Inc)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-25] (Google Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {0d0036b2-558f-11e0-83a1-485b398dea3c} - D:\setup.exe -a
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {b7da57dd-9b60-11e3-9182-485b398dea3c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate09072013
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://asus.msn.com
URLSearchHook: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 08 C:\Windows\System32\mswsock.dll [327168] ()
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B}: [NameServer] 4.2.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default
FF SelectedSearchEngine: uTorrentControl_v2 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN26823413642493690&UM=false&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @livecode.runrev.com/LiveCode Player;version=1 -> C:\Users\Ryan\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF Extension: MaskMe - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\idme@abine.com [2014-11-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-06]
FF HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (uTorrentControl_v2) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2015-01-09]
CHR Extension: (Xfinity) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-07-15]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Ryan\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859640 2010-02-23] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-24] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 09:49 - 2015-01-09 09:51 - 00046587 _____ () C:\Users\Ryan\Desktop\Addition.txt
2015-01-09 09:43 - 2015-01-09 12:08 - 00027739 _____ () C:\Users\Ryan\Desktop\FRST.txt
2015-01-09 09:43 - 2015-01-09 09:43 - 00000000 ____D () C:\Users\Ryan\Desktop\FRST-OlderVersion
2015-01-09 09:42 - 2015-01-09 10:34 - 00000000 ____D () C:\Users\Ryan\Desktop\olds
2015-01-09 01:06 - 2015-01-09 01:06 - 00000000 ____D () C:\Program Files\Couponarific
2015-01-08 23:52 - 2015-01-08 23:54 - 00000000 ____D () C:\Users\Ryan\Desktop\Backups
2015-01-08 23:34 - 2015-01-08 23:40 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:10 - 2015-01-08 22:10 - 00026536 _____ () C:\Users\Ryan\Desktop\dds.txt
2015-01-08 22:10 - 2015-01-08 22:10 - 00002831 _____ () C:\Users\Ryan\Desktop\attach.txt
2015-01-05 22:10 - 2015-01-09 12:08 - 00000000 ____D () C:\FRST
2015-01-05 22:08 - 2015-01-09 09:43 - 02124288 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2015-01-05 18:25 - 2015-01-05 18:25 - 00000000 ____D () C:\zoek_backup
2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\MGADiagToolOutput
2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-01-05 16:19 - 2015-01-09 10:32 - 00000000 ____D () C:\Users\Ryan\Desktop\S
2015-01-02 02:17 - 2015-01-02 02:17 - 00688992 ____R (Swearware) C:\Users\Ryan\Desktop\dds.scr
2015-01-01 19:55 - 2015-01-01 19:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online.exe
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-01-01 02:52 - 2015-01-01 14:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 02:51 - 2015-01-01 02:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 02:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 02:51 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-31 19:29 - 2015-01-09 02:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2014-12-31 19:29 - 2015-01-09 02:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-31 02:59 - 2015-01-09 05:11 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E09.HDTV.x264-LOL[ettv]
2014-12-30 00:13 - 2015-01-09 05:11 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E07.HDTV.x264-LOL[ettv]
2014-12-29 21:37 - 2015-01-09 05:11 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E06.HDTV.x264-LOL[ettv]
2014-12-27 01:48 - 2015-01-09 05:11 - 00000000 ____D () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-14 23:33 - 2014-12-14 23:33 - 00883712 _____ () C:\Users\Ryan\Downloads\Chap020.ppt
2014-12-11 11:45 - 2014-12-11 11:45 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 09:42 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:42 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 11:33 - 2012-08-25 12:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA.job
2015-01-09 10:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At22.job
2015-01-09 10:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At21.job
2015-01-09 10:40 - 2011-11-15 20:59 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Akamai
2015-01-09 09:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At20.job
2015-01-09 09:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At19.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At8.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At18.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At16.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At14.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At12.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At10.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At9.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At7.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At17.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At15.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At13.job
2015-01-09 09:38 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At11.job
2015-01-09 09:38 - 2010-06-14 21:18 - 01477440 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 05:11 - 2014-07-10 01:57 - 00000000 ____D () C:\Users\DefaultAppPool
2015-01-09 05:11 - 2012-05-24 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-09 05:11 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-09 05:11 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-09 05:11 - 2010-06-14 21:53 - 00000000 ____D () C:\ProgramData\P4G
2015-01-09 05:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-09 05:08 - 2010-08-31 21:13 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Mozilla
2015-01-09 04:03 - 2012-12-03 20:56 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-01-09 04:03 - 2011-11-27 22:18 - 00000000 ____D () C:\ProgramData\PC Drivers HeadQuarters
2015-01-09 04:03 - 2011-11-27 22:16 - 00000000 ____D () C:\Program Files (x86)\PC Drivers HeadQuarters
2015-01-09 04:03 - 2011-08-17 09:22 - 00000000 ____D () C:\Program Files (x86)\Driver-Soft
2015-01-09 04:03 - 2011-04-24 23:20 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Toolbar
2015-01-09 02:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At6.job
2015-01-09 02:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At5.job
2015-01-09 02:22 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 02:22 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 02:13 - 2010-08-30 05:42 - 00000000 ____D () C:\Users\Ryan
2015-01-09 02:12 - 2012-12-29 14:09 - 00222568 _____ () C:\Windows\setupact.log
2015-01-09 02:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 01:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At4.job
2015-01-08 01:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At3.job
2015-01-08 01:33 - 2012-08-25 12:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At48.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At46.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At44.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At2.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At47.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At45.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At43.job
2015-01-08 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At1.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At42.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At40.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At38.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At36.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At34.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At32.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At30.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At41.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At39.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At37.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At35.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At33.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At31.job
2015-01-08 00:01 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At29.job
2015-01-07 13:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At28.job
2015-01-07 13:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At27.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At26.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At24.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At25.job
2015-01-07 13:18 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At23.job
2015-01-01 14:41 - 2013-01-14 10:00 - 00277542 _____ () C:\Windows\PFRO.log
2015-01-01 14:40 - 2013-01-13 02:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\PMB Files
2015-01-01 14:19 - 2010-12-27 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2015-01-01 14:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-01 02:53 - 2012-09-05 20:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-01 02:52 - 2012-09-05 20:55 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
2015-01-01 02:51 - 2012-09-05 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 02:10 - 2010-06-14 21:53 - 00001254 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-31 03:54 - 2012-12-03 20:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\uTorrent
2014-12-14 23:33 - 2012-12-19 17:56 - 00308736 ___SH () C:\Users\Ryan\Downloads\Thumbs.db
2014-12-12 01:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 16:35 - 2012-08-25 12:23 - 00002362 _____ () C:\Users\Ryan\Desktop\Google Chrome.lnk
2014-12-11 11:54 - 2009-07-14 00:13 - 00866832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 11:49 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-11 11:47 - 2012-06-12 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 11:45 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 11:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 09:45 - 2011-04-24 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
Files to move or delete:
====================
C:\ProgramData\odbcHost64.dll
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
 
 
Some content of TEMP:
====================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-05 18:04
 
==================== End Of Log ============================


#15 fireman4it


Posted 09 January 2015 - 12:34 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   24.24KB   1 downloads