
Hijack This Directed Me Here. Help please.


  • This topic is locked
7 replies to this topic

#1 ahberah


Posted 09 January 2015 - 03:15 PM

Hijack This ran on start up, directed me here for help. I have attached the log.

Hijack This stated I should to analyze the results, not try to interpret them myself, and to post here for help and guidance.

Issues immediately before HT generated a report which I have attached.

I have Malwarebytes Premium. The last two days it has been slower than usual to open and continuously hangs up on closing (not responding). I uninstalled with RevoPro, ran CCleaner to clean up residual files. Shutdown. Restarted. I then reinstalled Malwarebytes. On re-install, MBAM displayed a message: one issue has been resolved. It began a scan and hung up again. I posted a ticket to Malwarebytes support. I was informed on the site and by email that there was a back up of support issues and I would receive a reply asap. So I gathered I was not the only one with these or similar issues.

I downloaded Avast 2015 to assess it. This caused a Chrome window to open. I did not previously have Chrome on my computer. (I use Firefox). I closed Chrome as I am not sure I can trust it and have had a few Google unfriendly episodes in the past. I found I do not care for this version of Avast for a number of reasons which may/may not be relevant.

So, basically I need help to understand what is happening as to the HT log report.

I thank you all in advance if you wish to and choose to help me. I'd send cookies (the homemade kind not the buggy kind) if possible. So just imagine I have sent you warm chocolate chip cookies as thanks.

ahberah
 
 
 

Edit: Topic moved from Windows 7 to the more appropriate forum.~ Animal


 


#2 ahberah


Posted 09 January 2015 - 04:14 PM

I apologize for the attachment. This is the HT report. I will be happy to post from notepad any further info needed.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:14:11 PM, on 1/9/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 34.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\User\PortableApps\CintaNotesPortable\App\CintaNotes\CintaNotes.exe
C:\Users\User\PortableApps\HijackThisPortable\App\HijackThis\HijackThis.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-600 Series"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-600 Series"
O4 - HKCU\..\Run: [CintaNotes] "c:\users\user\portableapps\cintanotesportable\app\cintanotes\cintanotes.exe" -m
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Users\User\PortableApps\HijackThisPortable\App\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8686 bytes
 



#3 Machiavelli


Posted 10 January 2015 - 10:59 AM

Hey,
HJT is very outdated, we'll use another scanner. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#4 ahberah


Posted 11 January 2015 - 04:34 PM

Thank you for your prompt reply and for donating your time, knowledge and experience to help me. In the interim I downloaded every tool I could find in this forum. I try very much to be a self learner before posting here or in other forums. I figured if it was swiftly arriving at an unusable state, hopefully I could find a way to help and if it completely crashed I'd start from scratch with a new install and/or HDD. Not all learning experiences are pleasant and joyful ventures. However, knowledge can be a dangerous thing. Please forgive typos (I try to proof read), have a brace on one hand due to extreme Klutzy genes.

I read forum posts with like/similar issues and followed the suggestions I found. I then read/studied then downloaded and/or used the following:

RKILL (I had rkill and have used prior to), DDS, JRT, AdwCleaner. Also, now have MWB Anti-Exploit, Tweaking.com registry backup, MWB Anti-Rootkit, Win Patrol, and Combofix and Emsisoft Anti-Malware, Emsisoft Decryptor.

I uninstalled HiJack This (you and others state it is outdated) as well as HitManPro (which has failed to notify me of anything thus far).

I did not use ComboFix as it appears I would need guidance with this one.

I am not sure why but I did not download FRST (by Farbar). I will be happy to do so and reply back with info it creates if necessary. Or if there is something else I need to do.

Somehow in all of that my issues are gone (I think), I am no longer having issues and nothing has reared its ugly head to growl at me thus far.

I still have issues with MBAM Anti-Malware hanging up/not responding at the end of a scan before closing (which means it can't finish its job I think??). However, I am following this on the MBAM forums as well. It appears quite a number of users have this issue as well. I found the suggested thread with instructions on how to COMPLETELY uninstall the product and instructions as to how to reinstall properly. Any suggestion from you will be greatly appreciated here as well.

I thank you again for any/all assistance or comments. Further advice greatly welcomed.



#5 Machiavelli


Posted 11 January 2015 - 05:02 PM

Hey,
I would still recommend doing the FRST Scan. ;)

~Machiavelli

 
 


#6 ahberah


Posted 11 January 2015 - 10:56 PM

Putting on my Village Idiot hat, how do I leave feedback?? Is there a click or button or does the reply serve as feedback?

I will do it in one to two days. It's back to the coal mines for me tomorrow and I have to prepare. I truly thank you and am so glad you suggested to go ahead and do this FRST scan, thus you can tell me hopefully if I have mucked up or did okay.

Hopefully I did okay for a Gramie person.

By the way, MBAM Anti-Malware has decided to run all the way to end of scan, show results (there weren't any buggies) yet still hang up/failure to respond at the very end. Ahh, perhaps it is growing pains... we'll see.

I will return here soon with a FRST report and virtual rum daiquiris ...yes, I did earn the girl scout badge for preparedness. :)

Thank you!!!

OK. I couldn't stand it. Decided to run FRST anyway. I truly attempted to shut down the following: MBAM, Emsisoft, SuperSpyware, Firewall, UAC. However, I have 3 reports, guess I checked a box extra.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
Ran by User (administrator) on USER-HP on 11-01-2015 22:45:20
Running from C:\Users\User\Downloads
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\ResophNotes\ResophNotes.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\Run: [CintaNotes] => c:\users\user\portableapps\cintanotesportable\app\cintanotes\cintanotes.exe [4215304 2014-12-16] (Cinta Software)
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\MountPoints2: {5962f692-7e53-11e4-8ef2-2c27d72d16f6} - F:\VZW_Software_upgrade_assistant.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-3119543180-149146875-1484166104-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {24438432-6B87-4B5A-98E6-75EAC4F82915} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {24438432-6B87-4B5A-98E6-75EAC4F82915} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3119543180-149146875-1484166104-1001 -> {24438432-6B87-4B5A-98E6-75EAC4F82915} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3119543180-149146875-1484166104-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3119543180-149146875-1484166104-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: about:newtab
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\searchplugins\swagbucks.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\searchplugins\yahoo-avast.xml
FF Extension: HTTPS-Everywhere - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\https-everywhere@eff.org [2014-12-04]
FF Extension: Print pages to PDF - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\printPages2Pdf@reinhold.ripper [2014-11-06]
FF Extension: ColorfulTabs - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-12-17]
FF Extension: Flash and Video Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-23]
FF Extension: Haga Tamaño Barra de direcciones de fuente grande - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\addressBarFontSizeBigger@papafresh.com.xpi [2014-10-30]
FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\amznUWL2@amazon.com.xpi [2014-10-30]
FF Extension: Iconic Firefox Menu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\firefox-menu-icon@benjamin.smedbergs.us.xpi [2014-10-30]
FF Extension: NoSquint - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\nosquint@urandom.ca.xpi [2014-10-30]
FF Extension: Print Edit - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\printedit@DW-dev.xpi [2014-11-06]
FF Extension: Private Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\privateTab@infocatcher.xpi [2014-11-06]
FF Extension: TrashMail.com - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\spam@trashmail.net.xpi [2014-10-30]
FF Extension: TrafficLight - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\trafficlight@bitdefender.com.xpi [2014-12-04]
FF Extension: ScrapBook - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-12-26]
FF Extension: Sage - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}.xpi [2014-10-30]
FF Extension: Aeon Clouds - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\14bbryxl.default\Extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}.xpi [2014-10-30]
FF HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\TheSage\extensions\firefox
FF Extension: TheSage one-click lookup - C:\Program Files (x86)\TheSage\extensions\firefox [2014-12-20]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-10-31] (Broadcom Corporation.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 22:25 - 2015-01-11 22:26 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0cfc527e-593b-415c-91ca-aa2eb1d5acb9
2015-01-11 22:25 - 2015-01-11 22:26 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0cfc527e-593b-415c-91ca-aa2eb1d5acb9.job
2015-01-11 22:04 - 2015-01-11 22:42 - 00062520 _____ () C:\Users\User\Downloads\Shortcut.txt
2015-01-11 22:01 - 2015-01-11 22:04 - 00026280 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-11 22:00 - 2015-01-11 22:46 - 00036177 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-11 21:59 - 2015-01-11 22:46 - 00000000 ____D () C:\FRST
2015-01-11 21:58 - 2015-01-11 21:58 - 02124288 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-11 21:32 - 2015-01-11 21:42 - 00000000 ____D () C:\Users\User\.ResophNotes
2015-01-11 21:24 - 2015-01-11 21:24 - 00010186 _____ () C:\Users\User\Desktop\MY WEB SITES.odt
2015-01-11 21:22 - 2015-01-11 21:22 - 00010180 _____ () C:\Users\User\Documents.odt
2015-01-11 21:10 - 2015-01-11 21:32 - 00000000 ____D () C:\Users\User\Desktop\ELEPHANT NOTES
2015-01-11 21:10 - 2015-01-11 21:31 - 00000131 _____ () C:\Users\User\.com.pinktwins.elephant.settings
2015-01-11 21:09 - 2015-01-11 21:10 - 00000000 ____D () C:\Users\User\Desktop\elephant6_win
2015-01-11 21:08 - 2015-01-11 21:08 - 05710056 _____ () C:\Users\User\Downloads\elephant6_win.zip
2015-01-11 20:32 - 2015-01-11 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ResophNotes
2015-01-11 20:32 - 2015-01-11 20:32 - 00000000 ____D () C:\Program Files (x86)\ResophNotes
2015-01-11 20:31 - 2015-01-11 20:34 - 00000000 ____D () C:\Users\User\Desktop\ResophNotes157
2015-01-11 20:30 - 2015-01-11 20:30 - 06958054 _____ () C:\Users\User\Desktop\ResophNotes157.zip
2015-01-11 18:34 - 2015-01-11 18:34 - 00003508 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2287bfbf-8b96-41ed-99c9-8f5dc121bcf6
2015-01-11 18:34 - 2015-01-11 18:34 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2287bfbf-8b96-41ed-99c9-8f5dc121bcf6.job
2015-01-11 18:33 - 2015-01-11 18:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-11 18:33 - 2015-01-11 18:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-11 18:33 - 2015-01-11 18:33 - 00001810 _____ () C:\Users\User\Desktop\SUPERAntiSpyware Professional.lnk
2015-01-11 18:14 - 2015-01-11 18:14 - 00000000 ____D () C:\SUPERDelete
2015-01-11 18:12 - 2015-01-11 18:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2015-01-11 18:11 - 2015-01-11 18:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-11 17:24 - 2015-01-11 17:24 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-01-11 17:01 - 2015-01-11 17:02 - 165801680 _____ () C:\Users\User\Desktop\EmsisoftEmergencyKit.exe
2015-01-11 16:55 - 2015-01-11 17:14 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2015-01-11 16:47 - 2015-01-11 16:47 - 00000000 ____D () C:\Users\User\AppData\Local\Secunia PSI
2015-01-11 16:47 - 2015-01-11 16:47 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-01-11 16:46 - 2015-01-11 16:46 - 05490752 _____ (Secunia) C:\Users\User\Desktop\PSISetup.exe
2015-01-11 15:56 - 2015-01-11 15:57 - 00000000 ____D () C:\Users\User\Desktop\SysinternalsSuite
2015-01-11 15:40 - 2015-01-11 15:40 - 00000000 ____D () C:\Users\User\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2015-01-10 22:17 - 2015-01-10 22:17 - 00000000 ____D () C:\Users\User\Desktop\DDS 1.10.15
2015-01-10 22:06 - 2015-01-10 22:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-USER-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2015-01-10 22:05 - 2015-01-10 22:05 - 00002197 _____ () C:\Users\User\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-10 22:05 - 2015-01-10 22:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-10 22:05 - 2015-01-10 22:05 - 00000000 ____D () C:\RegBackup
2015-01-10 22:05 - 2015-01-10 22:05 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-10 22:00 - 2015-01-10 22:00 - 00000948 _____ () C:\Users\User\Desktop\quarantine.txt
2015-01-10 21:47 - 2015-01-10 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-01-10 21:47 - 2015-01-10 21:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-01-10 21:47 - 2015-01-10 21:47 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2015-01-10 20:43 - 2015-01-10 21:50 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-10 15:01 - 2015-01-10 15:01 - 00736736 _____ (Emsisoft Ltd) C:\Users\User\Desktop\decrypt_pclock.exe
2015-01-10 14:13 - 2015-01-11 22:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 14:13 - 2015-01-10 14:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-10 14:13 - 2015-01-10 14:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-10 14:13 - 2015-01-10 14:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 13:37 - 2015-01-10 13:37 - 00000000 ____D () C:\Windows\New folder
2015-01-09 19:57 - 2015-01-11 22:31 - 00264669 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 19:47 - 2015-01-10 19:58 - 00000000 ____D () C:\AdwCleaner
2015-01-09 19:31 - 2015-01-09 19:31 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-09 18:55 - 2015-01-09 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-09 18:54 - 2015-01-11 22:29 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-09 18:26 - 2015-01-11 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-09 18:25 - 2015-01-09 19:58 - 00000000 ____D () C:\Users\User\Desktop\BC 1.9.15
2015-01-09 18:18 - 2015-01-09 18:18 - 00000000 ____D () C:\Users\User\AppData\Local\AntiLogger Free
2015-01-09 18:18 - 2015-01-09 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-01-09 18:18 - 2015-01-09 18:18 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2015-01-09 18:18 - 2015-01-09 18:18 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2015-01-09 18:18 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-01-09 18:05 - 2015-01-09 18:05 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 18:02 - 2015-01-10 22:30 - 00000000 ___RD () C:\Users\User\Desktop\Trouble Shooters
2015-01-09 18:00 - 2015-01-09 18:00 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.08.2.1001.exe
2015-01-09 17:59 - 2015-01-09 17:59 - 04215584 _____ () C:\Users\User\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-09 10:38 - 2015-01-09 12:19 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-01-09 10:38 - 2015-01-09 12:19 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-09 00:04 - 2015-01-11 19:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 00:04 - 2015-01-09 00:04 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-09 00:04 - 2015-01-09 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 00:03 - 2015-01-09 00:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-09 00:03 - 2014-11-21 07:08 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 00:03 - 2014-11-21 07:07 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 00:03 - 2014-11-21 07:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 19:17 - 2015-01-08 19:15 - 00450831 ____R () C:\Windows\system32\Drivers\etc\hosts.20150108-191705.backup
2015-01-04 18:22 - 2015-01-04 18:22 - 13708848 _____ () C:\Users\User\Desktop\SysinternalsSuite.zip
2015-01-04 12:09 - 2015-01-04 12:09 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2015-01-04 12:09 - 2015-01-04 12:09 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2015-01-04 12:09 - 2015-01-04 12:09 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-01-04 04:52 - 2015-01-10 22:23 - 00000000 ____D () C:\Users\User\Desktop\stuff
2015-01-04 00:31 - 2015-01-04 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-01-04 00:31 - 2015-01-04 00:31 - 00000000 ____D () C:\Program Files\Speccy
2015-01-04 00:30 - 2015-01-04 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-01-04 00:30 - 2015-01-04 00:30 - 00000000 ____D () C:\Program Files\Recuva
2015-01-04 00:29 - 2015-01-04 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-01-04 00:29 - 2015-01-04 00:29 - 00000000 ____D () C:\Program Files\Defraggler
2015-01-03 15:33 - 2015-01-03 15:33 - 00005501 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-01-03 03:27 - 2015-01-03 15:33 - 00000000 ____D () C:\Users\User\AppData\Local\enchant
2015-01-02 14:35 - 2015-01-03 02:11 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-02 14:35 - 2015-01-02 14:35 - 00000000 ___RD () C:\Users\User\OneDrive
2015-01-02 14:35 - 2015-01-02 14:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-02 14:31 - 2015-01-02 14:31 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-02 11:23 - 2015-01-11 21:30 - 00000000 ____D () C:\Users\User\Desktop\TECH HELP
2015-01-01 20:54 - 2015-01-01 20:54 - 00000000 _____ () C:\Windows\SysWOW64\FAP92A3.tmp
2015-01-01 20:53 - 2015-01-01 20:53 - 00000000 _____ () C:\Windows\SysWOW64\FAPCDCC.tmp
2015-01-01 20:53 - 2015-01-01 20:53 - 00000000 _____ () C:\Windows\SysWOW64\FAP253B.tmp
2015-01-01 20:52 - 2015-01-01 20:52 - 00000000 _____ () C:\Windows\SysWOW64\FAP4814.tmp
2015-01-01 20:52 - 2015-01-01 20:52 - 00000000 _____ () C:\Windows\SysWOW64\FAP2D02.tmp
2015-01-01 20:51 - 2015-01-01 20:51 - 00000000 _____ () C:\Windows\SysWOW64\FAPFBDE.tmp
2015-01-01 20:51 - 2015-01-01 20:51 - 00000000 _____ () C:\Windows\SysWOW64\FAPE12B.tmp
2015-01-01 20:51 - 2015-01-01 20:51 - 00000000 _____ () C:\Windows\SysWOW64\FAPCF3D.tmp
2015-01-01 20:51 - 2015-01-01 20:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP93.tmp
2015-01-01 20:50 - 2015-01-01 20:50 - 00000000 _____ () C:\Windows\SysWOW64\FAPCF69.tmp
2015-01-01 20:47 - 2015-01-01 20:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP2A61.tmp
2015-01-01 20:45 - 2015-01-01 20:45 - 00000000 _____ () C:\Windows\SysWOW64\FAP57C4.tmp
2015-01-01 20:45 - 2015-01-01 20:45 - 00000000 _____ () C:\Windows\SysWOW64\FAP158.tmp
2015-01-01 20:35 - 2015-01-01 20:35 - 00000000 _____ () C:\Windows\SysWOW64\FAPEF0A.tmp
2015-01-01 20:35 - 2015-01-01 20:35 - 00000000 _____ () C:\Windows\SysWOW64\FAPD46.tmp
2015-01-01 20:34 - 2015-01-01 20:34 - 00000000 _____ () C:\Windows\SysWOW64\FAPBC82.tmp
2015-01-01 20:22 - 2015-01-01 20:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP4C40.tmp
2015-01-01 20:18 - 2015-01-01 20:18 - 00000000 _____ () C:\Windows\SysWOW64\FAPC217.tmp
2015-01-01 20:18 - 2015-01-01 20:18 - 00000000 _____ () C:\Windows\SysWOW64\FAPA9F2.tmp
2015-01-01 20:18 - 2015-01-01 20:18 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DE7.tmp
2015-01-01 20:17 - 2015-01-01 20:17 - 00000000 _____ () C:\Windows\SysWOW64\FAP942.tmp
2015-01-01 20:17 - 2015-01-01 20:17 - 00000000 _____ () C:\Windows\SysWOW64\FAP4956.tmp
2015-01-01 20:17 - 2015-01-01 20:17 - 00000000 _____ () C:\Windows\SysWOW64\FAP48B7.tmp
2015-01-01 20:17 - 2015-01-01 20:17 - 00000000 _____ () C:\Windows\SysWOW64\FAP282A.tmp
2015-01-01 20:13 - 2015-01-01 20:13 - 00000000 _____ () C:\Windows\SysWOW64\FAP758.tmp
2015-01-01 20:13 - 2015-01-01 20:13 - 00000000 _____ () C:\Windows\SysWOW64\FAP24BA.tmp
2015-01-01 20:04 - 2015-01-01 20:04 - 00000000 _____ () C:\Windows\SysWOW64\FAPF99F.tmp
2015-01-01 20:04 - 2015-01-01 20:04 - 00000000 _____ () C:\Windows\SysWOW64\FAPF75B.tmp
2015-01-01 20:04 - 2015-01-01 20:04 - 00000000 _____ () C:\Windows\SysWOW64\FAPE139.tmp
2015-01-01 20:02 - 2015-01-01 20:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPF0FE.tmp
2015-01-01 20:02 - 2015-01-01 20:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPDA5F.tmp
2015-01-01 19:55 - 2015-01-01 19:55 - 00000000 _____ () C:\Windows\SysWOW64\FAP8432.tmp
2015-01-01 19:55 - 2015-01-01 19:55 - 00000000 _____ () C:\Windows\SysWOW64\FAP81BF.tmp
2015-01-01 19:55 - 2015-01-01 19:55 - 00000000 _____ () C:\Windows\SysWOW64\FAP63FF.tmp
2015-01-01 19:52 - 2015-01-01 19:52 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F4F.tmp
2015-01-01 19:44 - 2015-01-01 19:44 - 00000000 _____ () C:\Windows\SysWOW64\FAP4E28.tmp
2015-01-01 19:44 - 2015-01-01 19:44 - 00000000 _____ () C:\Windows\SysWOW64\FAP3104.tmp
2015-01-01 19:39 - 2015-01-01 19:39 - 00000000 _____ () C:\Windows\SysWOW64\FAP4F2B.tmp
2015-01-01 19:39 - 2015-01-01 19:39 - 00000000 _____ () C:\Windows\SysWOW64\FAP4B13.tmp
2015-01-01 19:39 - 2015-01-01 19:39 - 00000000 _____ () C:\Windows\SysWOW64\FAP43CF.tmp
2015-01-01 19:38 - 2015-01-01 19:38 - 00000000 _____ () C:\Windows\SysWOW64\FAPD1E.tmp
2015-01-01 19:38 - 2015-01-01 19:38 - 00000000 _____ () C:\Windows\SysWOW64\FAP3184.tmp
2015-01-01 19:38 - 2015-01-01 19:38 - 00000000 _____ () C:\Windows\SysWOW64\FAP2033.tmp
2015-01-01 19:38 - 2015-01-01 19:38 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F08.tmp
2015-01-01 19:38 - 2015-01-01 19:38 - 00000000 _____ () C:\Windows\SysWOW64\FAP1E3A.tmp
2015-01-01 19:38 - 2015-01-01 19:38 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C63.tmp
2015-01-01 19:38 - 2015-01-01 19:38 - 00000000 _____ () C:\Windows\SysWOW64\FAP1AAB.tmp
2015-01-01 19:38 - 2015-01-01 19:38 - 00000000 _____ () C:\Windows\SysWOW64\FAP1A4A.tmp
2015-01-01 19:33 - 2015-01-01 19:33 - 00000000 _____ () C:\Windows\SysWOW64\FAP6B50.tmp
2015-01-01 19:33 - 2015-01-01 19:33 - 00000000 _____ () C:\Windows\SysWOW64\FAP4660.tmp
2015-01-01 19:31 - 2015-01-01 19:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP6A51.tmp
2015-01-01 19:28 - 2015-01-01 19:28 - 00000000 _____ () C:\Windows\SysWOW64\FAPAAA7.tmp
2015-01-01 19:28 - 2015-01-01 19:28 - 00000000 _____ () C:\Windows\SysWOW64\FAPAA56.tmp
2015-01-01 19:28 - 2015-01-01 19:28 - 00000000 _____ () C:\Windows\SysWOW64\FAPA120.tmp
2015-01-01 19:28 - 2015-01-01 19:28 - 00000000 _____ () C:\Windows\SysWOW64\FAP9CC9.tmp
2015-01-01 19:28 - 2015-01-01 19:28 - 00000000 _____ () C:\Windows\SysWOW64\FAP9B40.tmp
2015-01-01 19:28 - 2015-01-01 19:28 - 00000000 _____ () C:\Windows\SysWOW64\FAP9A24.tmp
2015-01-01 19:28 - 2015-01-01 19:28 - 00000000 _____ () C:\Windows\SysWOW64\FAP82AB.tmp
2015-01-01 19:17 - 2015-01-01 19:17 - 00000000 _____ () C:\Windows\SysWOW64\FAP3100.tmp
2015-01-01 19:17 - 2015-01-01 19:17 - 00000000 _____ () C:\Windows\SysWOW64\FAP2FC5.tmp
2015-01-01 19:17 - 2015-01-01 19:17 - 00000000 _____ () C:\Windows\SysWOW64\FAP2853.tmp
2015-01-01 19:17 - 2015-01-01 19:17 - 00000000 _____ () C:\Windows\SysWOW64\FAP1E90.tmp
2015-01-01 19:16 - 2015-01-01 19:16 - 00000000 _____ () C:\Windows\SysWOW64\FAP85E.tmp
2015-01-01 19:15 - 2015-01-01 19:15 - 00000000 _____ () C:\Windows\SysWOW64\FAPB5C9.tmp
2015-01-01 19:15 - 2015-01-01 19:15 - 00000000 _____ () C:\Windows\SysWOW64\FAPB588.tmp
2015-01-01 19:15 - 2015-01-01 19:15 - 00000000 _____ () C:\Windows\SysWOW64\FAPB288.tmp
2015-01-01 19:15 - 2015-01-01 19:15 - 00000000 _____ () C:\Windows\SysWOW64\FAPAEAF.tmp
2015-01-01 19:15 - 2015-01-01 19:15 - 00000000 _____ () C:\Windows\SysWOW64\FAPA901.tmp
2015-01-01 19:15 - 2015-01-01 19:15 - 00000000 _____ () C:\Windows\SysWOW64\FAP935C.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAPFBB5.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAPF47.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAPF433.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAPF06.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAPED9B.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAPDEA.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAPB29.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP858.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP75C.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP581D.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP4391.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP3674.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP322D.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP2C9E.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F53.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1E18.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C02.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP19DD.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1651.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1507.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP14A6.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1417.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP13C6.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1375.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1297.tmp
2015-01-01 19:10 - 2015-01-01 19:10 - 00000000 _____ () C:\Windows\SysWOW64\FAP1072.tmp
2015-01-01 19:09 - 2015-01-01 19:09 - 00000000 _____ () C:\Windows\SysWOW64\FAPFFA9.tmp
2015-01-01 19:09 - 2015-01-01 19:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1860.tmp
2015-01-01 19:09 - 2015-01-01 19:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP15ED.tmp
2015-01-01 19:09 - 2015-01-01 19:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP159C.tmp
2015-01-01 19:08 - 2015-01-01 19:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPAB4.tmp
2015-01-01 19:08 - 2015-01-01 19:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP2040.tmp
2015-01-01 19:08 - 2015-01-01 19:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP1FFE.tmp
2015-01-01 19:08 - 2015-01-01 19:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F21.tmp
2014-12-26 15:53 - 2014-12-26 15:58 - 704116294 _____ () C:\Users\User\Desktop\FalconFour's Ultimate Boot CD v4.61.7z
2014-12-25 20:06 - 2015-01-09 00:32 - 00000000 ____D () C:\Users\User\Desktop\RSMS
2014-12-25 17:26 - 2015-01-09 20:35 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-12-25 12:34 - 2014-12-25 12:34 - 00000000 ____D () C:\Users\User\Documents\txtooo
2014-12-22 10:24 - 2014-12-22 10:24 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-12-22 00:12 - 2014-12-22 00:13 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-12-21 23:01 - 2014-12-21 23:01 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2014-12-21 22:39 - 2014-12-21 22:39 - 00001230 _____ () C:\Users\User\Desktop\DOWNLOADS rp - Shortcut.lnk
2014-12-21 22:37 - 2014-12-21 22:38 - 00000000 ____D () C:\Users\User\Desktop\Exited from snd to menu
2014-12-21 22:33 - 2014-12-21 22:33 - 00000151 _____ () C:\Users\User\Downloads\Add_Copy_To_Folder.reg
2014-12-21 20:48 - 2014-12-21 22:57 - 00000000 ____D () C:\Users\User\Documents\QUOTES
2014-12-21 20:08 - 2014-12-21 20:09 - 00000000 ____D () C:\Users\User\Documents\DANE
2014-12-20 22:45 - 2014-12-21 02:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\TheSage
2014-12-20 22:43 - 2014-12-20 22:45 - 00000000 ____D () C:\Program Files (x86)\TheSage
2014-12-20 22:43 - 2014-12-20 22:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheSage
2014-12-20 21:00 - 2014-12-21 20:02 - 00000000 ____D () C:\Users\User\Documents\CHANCE
2014-12-19 22:44 - 2014-12-19 22:48 - 621283886 _____ () C:\Users\User\Desktop\Hirens.BootCD.15.2.zip
2014-12-19 21:22 - 2014-12-22 00:01 - 00000000 ____D () C:\Users\User\.pdfsam
2014-12-19 21:18 - 2014-12-25 08:21 - 16198517 _____ () C:\Users\User\Downloads\pdfsam-2.2.4-out.zip
2014-12-19 21:18 - 2014-12-19 21:22 - 00000000 ____D () C:\Users\User\Desktop\pdfsam-2.2.4-out
2014-12-19 19:16 - 2014-12-19 19:16 - 00772032 _____ ( ) C:\Users\User\Desktop\pdfsam-2.2.4-out.exe
2014-12-19 18:02 - 2015-01-10 20:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-17 14:08 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:08 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 19:08 - 2015-01-11 17:46 - 00000000 ____D () C:\Users\User\Desktop\DK TP STUFF
2014-12-16 18:54 - 2014-12-21 20:32 - 00000000 ____D () C:\Users\User\Documents\LANE BRYANT
2014-12-16 17:21 - 2015-01-03 02:54 - 00000000 ____D () C:\Users\User\Documents\VERIZON 2014
2014-12-14 22:22 - 2014-12-14 22:22 - 00000000 ____D () C:\ProgramData\ATI
2014-12-14 22:21 - 2014-12-14 22:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\library_dir
2014-12-14 22:20 - 2014-12-15 07:15 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-14 22:20 - 2014-12-14 22:20 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201412142220063883.log
2014-12-14 22:20 - 2014-12-14 22:20 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-14 22:19 - 2014-12-14 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-14 22:13 - 2014-12-14 22:13 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-13 11:17 - 2014-12-13 11:19 - 00000000 ____D () C:\Users\User\AppData\Local\WiFi Guard
2014-12-13 11:17 - 2014-12-13 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard
2014-12-13 11:17 - 2014-12-13 11:17 - 00000000 ____D () C:\Program Files\SoftPerfect WiFi Guard

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 21:49 - 2014-11-17 10:59 - 00000394 _____ () C:\Windows\Tasks\WpsNotifyTask_User.job
2015-01-11 21:25 - 2011-07-21 02:26 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-11 19:05 - 2014-11-02 19:05 - 00000258 _____ () C:\Windows\Tasks\CCleanerClean.job
2015-01-11 18:14 - 2014-12-08 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-01-11 17:11 - 2014-10-31 14:36 - 00000000 ____D () C:\Users\User\Documents\My Digital Editions
2015-01-11 13:50 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-11 09:56 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 09:56 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 09:55 - 2014-10-30 23:04 - 00000000 ___RD () C:\Users\User\Dropbox
2015-01-11 09:51 - 2014-10-30 23:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-01-11 09:49 - 2014-11-26 12:36 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-11 09:48 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 22:19 - 2014-11-07 20:17 - 00000000 ____D () C:\Users\User\Documents\EMP
2015-01-10 20:07 - 2014-11-23 22:09 - 00000000 ____D () C:\Windows\CryptoGuard
2015-01-10 19:52 - 2014-11-20 13:19 - 00000000 ___RD () C:\Users\User\Desktop\LINUX BOOKS
2015-01-10 18:07 - 2014-11-02 18:02 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-10 14:14 - 2014-10-31 18:00 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-01-10 00:03 - 2014-10-31 10:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-09 20:31 - 2011-02-11 11:00 - 00000000 ____D () C:\Windows\Panther
2015-01-09 19:52 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-09 16:43 - 2014-10-30 20:27 - 00001716 _____ () C:\Windows\Sandboxie.ini
2015-01-09 13:08 - 2014-10-30 21:56 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 11:41 - 2014-10-31 00:30 - 00000000 ____D () C:\Users\User\Documents\Spreadsheets
2015-01-09 11:02 - 2014-11-30 21:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-09 10:44 - 2014-10-30 09:02 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 23:56 - 2014-10-17 15:29 - 00078992 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 23:56 - 2009-07-13 22:45 - 00359536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 20:12 - 2014-11-28 19:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-08 19:52 - 2014-10-30 09:02 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2015-01-08 19:52 - 2014-10-17 16:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-01-08 08:16 - 2009-07-13 23:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 19:06 - 2014-12-02 02:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-03 02:55 - 2014-11-29 03:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\gtk-2.0
2015-01-02 16:54 - 2014-11-10 12:39 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-02 14:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-01 19:14 - 2014-11-02 19:05 - 00002830 _____ () C:\Windows\System32\Tasks\CCleanerClean
2014-12-31 05:14 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-26 14:54 - 2009-07-13 20:34 - 00450831 ____R () C:\Windows\system32\Drivers\etc\hosts.20150108-191545.backup
2014-12-26 14:48 - 2009-07-13 20:34 - 00450831 ____R () C:\Windows\system32\Drivers\etc\hosts.20141226-145456.backup
2014-12-24 12:01 - 2014-10-31 09:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-23 00:20 - 2014-12-07 15:38 - 00000000 ____D () C:\ProgramData\EPSON
2014-12-22 00:12 - 2014-12-11 18:52 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-12-21 23:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-21 22:07 - 2014-10-31 00:31 - 00000000 ____D () C:\Users\User\Documents\PDFs
2014-12-21 20:08 - 2014-11-11 11:30 - 00000000 ____D () C:\Users\User\Documents\OpenOffice 4.1.1 (en-US) Installation Files
2014-12-21 19:05 - 2014-12-02 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-21 12:50 - 2014-11-20 10:59 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-16 19:09 - 2014-11-16 17:24 - 00000000 ____D () C:\Users\User\Desktop\SANDBOXIE
2014-12-14 22:20 - 2014-10-17 16:00 - 00000000 ____D () C:\ProgramData\AMD
2014-12-14 22:19 - 2014-10-17 15:59 - 00000000 ____D () C:\Program Files\AMD
2014-12-14 22:16 - 2014-10-17 15:53 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-14 22:10 - 2014-10-17 15:52 - 00000000 ____D () C:\AMD
2014-12-14 10:21 - 2009-07-13 20:34 - 00450831 ____R () C:\Windows\system32\Drivers\etc\hosts.20141226-144820.backup
2014-12-12 15:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 02:46 - 2014-10-31 00:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\LibreOffice
2014-12-12 00:44 - 2014-10-31 14:28 - 00000000 ____D () C:\Users\User\Documents\My Kindle Content

Files to move or delete:
====================
C:\Users\User\Start.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhg48y.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 13:14

==================== End Of Log ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
Ran by User at 2015-01-11 22:46:31
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.)
calibre (HKLM-x32\...\{75EA944A-4C53-4A0A-8B3B-E195EDAA626C}) (Version: 2.12.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-3119543180-149146875-1484166104-1001\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LibreOffice 4.3 Help Pack (English (United States)) (HKLM-x32\...\{6B888EAE-4BA5-4422-A059-542A8D1A24AE}) (Version: 4.3.5.2 - The Document Foundation)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Moffsoft FreeCalc (HKLM-x32\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PeaZip 5.5.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
ResophNotes (HKLM-x32\...\{96620F43-9E25-4452-ACE8-6C408C96659B}) (Version: 1.5.7 - C.Y.Yen)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SoftPerfect WiFi Guard version 1.0.5 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.5 - SoftPerfect Research)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
TheSage (HKLM\...\TheSage) (Version: 6.2.1802 - Sequence Publishing)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
WinRAR 5.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3119543180-149146875-1484166104-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

08-01-2015 11:24:36 Windows Update
08-01-2015 23:42:57 Revo Uninstaller Pro's restore point - SeaMonkey 2.31 (x86 en-US)
08-01-2015 23:46:49 Revo Uninstaller Pro's restore point - PDF Combine
08-01-2015 23:49:52 Revo Uninstaller Pro's restore point - OpenOffice 4.1.1
08-01-2015 23:53:18 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.0.4.1028
09-01-2015 10:36:36 avast! antivirus system restore point
09-01-2015 11:00:22 Revo Uninstaller Pro's restore point - Java™ 6 Update 27
09-01-2015 11:01:04 Removed Java™ 6 Update 27
09-01-2015 11:03:11 Revo Uninstaller Pro's restore point - Hugin 2014.0.0
09-01-2015 12:18:46 Revo Uninstaller Pro's restore point - Google Chrome
09-01-2015 12:45:17 Revo Uninstaller Pro's restore point - Avast Free Antivirus
09-01-2015 12:46:18 avast! antivirus system restore point
09-01-2015 12:59:08 Revo Uninstaller Pro's restore point - Adobe Flash Player 16 ActiveX
09-01-2015 12:59:59 Revo Uninstaller Pro's restore point - Adobe Flash Player 16 NPAPI
09-01-2015 20:19:09 Windows Modules Installer
10-01-2015 20:12:45 Revo Uninstaller Pro's restore point - HitmanPro.Alert
10-01-2015 20:14:44 Revo Uninstaller Pro's restore point - HitmanPro 3.7
11-01-2015 20:36:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-01-08 19:17 - 00450831 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08946954-CF96-4BD9-A6FB-87A5227796EB} - System32\Tasks\Uninstaller_SkipUac_User => C:\\Users\\User\\PortableApps\\IObitUninstallerPortable\\App\\uninstaller\\IObitUninstaler.exe [2014-11-07] (IObit)
Task: {0BFC7969-F167-4CFF-ABD5-35008C0C2782} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0cfc527e-593b-415c-91ca-aa2eb1d5acb9 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {15E9BB9E-F9CD-4F8F-B030-056A5C1585C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {17F6922A-531E-4B7E-B30D-8D6C9EEF7BB6} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {45D77DEB-0B12-430F-B578-F67C99AAA58E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4EEE1766-6A4E-4C2C-89F2-E4719F00FCE5} - System32\Tasks\WpsNotifyTask_User => C:\Users\User\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-11-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {6ABB1F9A-0C90-4938-BD29-04E529589946} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {77A5A048-1C5E-4DCE-92AD-FDFD45245EB5} - System32\Tasks\FileTransfer => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {912143A7-DDC3-45DA-8A2E-F2B4F035BB50} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - User => C:\Program Files (x86)\LTCM Client\ltcmClient.exe
Task: {AB9CCF3F-1610-43BF-84F2-502B1A96405C} - System32\Tasks\WpsUpdateTask_User => C:\Users\User\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-11-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {DEF602D2-FB0A-463E-A4AE-C9DA17C3CF05} - System32\Tasks\Accessories => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {EDA2B26F-82D0-4E2C-B2E5-92BE38AEBCE0} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2287bfbf-8b96-41ed-99c9-8f5dc121bcf6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {EF0FB7D7-1BD6-42CA-96D5-9D792C47EBEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-10] (Adobe Systems Incorporated)
Task: {F41FEE07-3E78-4D06-8893-79436325BE5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {FECA1574-83F1-4AEC-84DF-BC5C223E2E7D} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0cfc527e-593b-415c-91ca-aa2eb1d5acb9.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2287bfbf-8b96-41ed-99c9-8f5dc121bcf6.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\WpsNotifyTask_User.job => C:\Users\User\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_User.job => C:\Users\User\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-14 13:41 - 2014-04-14 13:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2013-10-14 23:37 - 2013-10-14 23:37 - 00696320 _____ () C:\Program Files (x86)\ResophNotes\ResophNotes.exe
2014-10-21 18:22 - 2014-12-16 16:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-11 09:51 - 2015-01-11 09:51 - 00043008 ____N () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhg48y.dll
2014-10-21 18:22 - 2014-12-16 16:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-01-08 20:12 - 2014-12-16 16:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-01-08 20:12 - 2014-12-16 16:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-02 02:19 - 2014-12-02 02:19 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HijackThis startup scan => C:\Users\User\PortableApps\HijackThisPortable\App\HijackThis\HijackThis.exe /startupscan
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3119543180-149146875-1484166104-500 - Administrator - Disabled)
Guest (S-1-5-21-3119543180-149146875-1484166104-501 - Limited - Enabled)
User (S-1-5-21-3119543180-149146875-1484166104-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2015 07:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e5c

Start Time: 01d02db630cac94e

Termination Time: 16

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 552d1b4e-99f7-11e4-a068-2c27d72d16f6


System errors:
=============
Error: (01/11/2015 10:25:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error:
%%183

Error: (01/11/2015 08:25:10 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office Sessions:
=========================
Error: (01/11/2015 07:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.711e5c01d02db630cac94e16C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe552d1b4e-99f7-11e4-a068-2c27d72d16f6


CodeIntegrity Errors:
===================================
  Date: 2015-01-10 20:13:14.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 20:00:21.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 19:58:25.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 19:35:22.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 19:25:40.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 19:14:37.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 18:59:07.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 18:42:56.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 18:35:41.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-10 18:09:20.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ II X4 645 Processor
Percentage of memory in use: 30%
Total physical RAM: 6143.28 MB
Available physical RAM: 4273.55 MB
Total Pagefile: 12284.73 MB
Available Pagefile: 9299.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.2 GB) (Free:844.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.22 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data) (Fixed) (Total:298.09 GB) (Free:297.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 823AB04C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E4DF062A)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

The last log reported was Shortcuts; if you wish, I will post it as well. I DID NOT CLICK Fix. Thank you again.


Edited by ahberah, 12 January 2015 - 12:07 AM.


#7 Machiavelli


Posted 12 January 2015 - 01:02 AM

Hey my friend. :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#8 Machiavelli


Posted 16 January 2015 - 08:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli





