
IE Cannot Remove "Loopback" Exception Error Proxy Issue


  • This topic is locked
6 replies to this topic

#1 SpecterVlog


  • Members
  • 3 posts

Posted 14 January 2015 - 11:56 PM

Hello!

 

I have a personal laptop (not on a secure domain / network, that has never run / needed a proxy setting change) with the same issue as the forum post:

 

http://www.bleepingcomputer.com/forums/t/531194/cannot-turn-off-proxy-use/page-2

 

I have downloaded OTC and TweekingComputer Tools, run the scans and backup, and I am assuming the custom fix script in that post is for that specific computer, so it won't necessarily work with mine?

 

I have both logs from the scans and the registry is backed up and ready to go. I won't lie, I did try the script and reboot but no change occurred.

 

Any help would be greatly appreciated.

 

Also, as a side note I'm curious if there is a manual way to delete the exception, or if the issue is caused by a virus or something of that nature. My goal is just to have future knowledge of why the "custom fix" script is required.

 

I did indeed, like a n00b, attempt to change the server it pointed to, uncheck the proxy server settings (which immediately reset) and manually delete the "loopback" exception script from the box and save the settings, but each time the window disappears it never keeps those settings.

 

Feedback Requested :P




 


#2 nasdaq


  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 January 2015 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 SpecterVlog

  • Topic Starter

  • Members
  • 3 posts

Posted 16 January 2015 - 02:40 PM

OK, for the record, I was able to get the internet to work with the previous fix, and I tested LAN and WiFi and it's working now BUT BUT BUT BUT:

 

I'm not an expert and this isn't my pc so I'm running these scans anyway - The computer still behaves sporadically and it took tries of the "custom fix" to make any progress. I've seen good feedback and results on this site and I feel there's too many opinions about anti-virus and scanning software so I'm trusting this pc could benefit from these steps anyway...

 

AdwCleaner Log

 

# AdwCleaner v4.107 - Report created 16/01/2015 at 13:30:37
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8  (64 bits)
# Username : Aperture Laboratory - GLADOS
# Running from : C:\Users\Aperture Laboratory\Desktop\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : nethfdrv
Service Found : pastaleadsServiceCore
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
File Found : C:\Users\Aperture Laboratory\AppData\Local\omesuperv.exe
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\BlitzMediaPlayer
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\pastaleads
Folder Found : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrEeSoFtOdAy
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\ProgramData\pastaleads
Folder Found : C:\Users\Aperture Laboratory\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Found : C:\Users\Aperture Laboratory\AppData\Local\Conduit
Folder Found : C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito
Folder Found : C:\Users\Aperture Laboratory\AppData\Local\simple_new_tab
Folder Found : C:\Users\Aperture Laboratory\AppData\LocalLow\Conduit
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\Common\LuaRT
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\DataMgr
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\fbDownloader
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\Intermediate
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\OfferMosquito
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\SCheck
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\Seventh
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\Sixth
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\Snz
Folder Found : C:\Users\Aperture Laboratory\AppData\Roaming\SSync
Folder Found : C:\Users\Aperture Laboratory\Documents\Information
Folder Found : C:\Users\Aperture Laboratory\Documents\Updater
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Key Found : HKCU\Software\OfferMosquito
Key Found : HKCU\Software\Protector
Key Found : HKCU\Software\Smartbar
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\OfferMosquito
Key Found : [x64] HKCU\Software\Protector
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\Smartbar
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\TutoTag
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\Wajam
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17183
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sGizYMkeoM3febNCFubPYQGF7EO6nuyj1mcBkELaK3RCAcb6uooByBMmi0BNOP8gJ2Bg26bUsn2bvxM95tJTgQv_E5Pvz9EyXtXZrLplNGJPvCBxgAqM7QdZ1x9hro,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sGizYMkeoM3febNCFubPYQGF7EO6nuyj1mcBkELaK3RCAcb6uooByBMmi0BNOP8gJ2Bg26bUsn2bvxM95tJTgQv_E5Pvz9EyXtXZrLplNGJPvCBxgAqM7QdZ1x9hro,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sGizYMkeoM3febNCFubPYQGF7EO6nuyj1mcBkELaK3RCAcb6uooByBMmi0BNOP8gJ2Bg26bUsn2bvxM95tJTgQv_E5Pvz9EyXtXZrLplNGJPvCBxgAqM7QdZ1x9hro,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sGizYMkeoM3febNCFubPYQGF7EO6nuyj1mcBkELaK3RCAcb6uooByBMmi0BNOP8gJ2Bg26bUsn2bvxM95tJTgQv_E5Pvz9EyXtXZrLplNGJPvCBxgAqM7QdZ1x9hro,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6sGizYMkeoM3febNCFubPYQGF7EO6nuyj1mcBkELaK3RCAcb6uooByBMmi0BNOP8gJ2Bg26bUsn2bvxM95tJTgQv_E5Pvz9EyXtXZrLplNGJPvCBxgAqM7QdZ1x9hr0,&q={searchTerms}
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
[C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
 
-\\ Comodo Dragon v31.0.0.0
 
[C:\Users\Aperture Laboratory\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja
 
*************************
 
AdwCleaner[R0].txt - [9557 octets] - [16/01/2015 13:30:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9617 octets] ##########
 
 
 
FRST.txt
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Aperture Laboratory (administrator) on GLADOS on 16-01-2015 13:35:23
Running from C:\Users\Aperture Laboratory\Desktop
Loaded Profiles: Aperture Laboratory (Available profiles: Aperture Laboratory)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Dragon)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\pastaleads\PastaLeadsService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\Aperture Laboratory\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
() C:\Program Files (x86)\pastaleads\PastaLeadsWinApp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
() C:\Users\Aperture Laboratory\Desktop\adwcleaner_4.107.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1374328 2013-05-29] (Trend Micro Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-03-19] (IDT, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [209712 2013-02-04] (Trend Micro Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Run: [Amazon Cloud Player] => C:\Users\Aperture Laboratory\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-10-22] ()
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Run: [SSync] => C:\Users\Aperture Laboratory\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058592 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Run: [Intermediate] => C:\Users\Aperture Laboratory\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\RunOnce: [Application Restart #3] => C:\Users\Aperture Laboratory\AppData\Local\Pokki\Engine\pokki.exe [8285512 2013-12-05] (Pokki)
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\MountPoints2: {4fc425ee-5525-11e2-be71-806e6f6e6963} - "E:\Startup.exe" 
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\MountPoints2: {6b49e2d4-e140-11e3-bf01-6c3be581cba1} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\MountPoints2: {6f5a7737-dae9-11e2-beb4-6c3be581cba1} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\MountPoints2: {7e20cad0-2020-11e4-bf12-6c3be581cba1} - "F:\DMMdSetup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PastaQuotes.lnk
ShortcutTarget: PastaQuotes.lnk -> C:\Program Files (x86)\pastaleads\PastaLeadsWinApp.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Aperture Laboratory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Aperture Laboratory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [.DEFAULT] => 1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-61134264-272785017-1473440739-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-61134264-272785017-1473440739-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-61134264-272785017-1473440739-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1209\1.0.1209\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: FavGenius -> {3FB16A3D-F03E-4565-A532-666B219C9FF3} -> C:\Users\Aperture Laboratory\AppData\Local\ext_favgenius\ext_favgenius.dll ()
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Simple New Tab -> {5C2DD58F-613F-4580-8AC0-F10D760AF938} -> C:\Users\Aperture Laboratory\AppData\Local\simple_new_tab\simple_new_tab.dll ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-61134264-272785017-1473440739-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1209\1.0.1209\TmopIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CA3E3FAB-8EB8-43FE-A144-F708A1A3951E}: [NameServer] 156.154.70.22,156.154.71.22
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-61134264-272785017-1473440739-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2014-03-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.fbdownloader.com/?channel=fpo
CHR StartupUrls: Default -> "hxxp://search.fbdownloader.com/?channel=fpo"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Simple Pass) - C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\npgcwloplugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [Not Found]
CHR HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Aperture Laboratory\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
CHR HKU\S-1-5-21-61134264-272785017-1473440739-1001\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Aperture Laboratory\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Aperture Laboratory\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-08-27]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-08-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-22] (Adobe Systems) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-10-15] (HP)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 pastaleadsServiceCore; C:\Program Files (x86)\pastaleads\PastaLeadsService.exe [361368 2014-04-22] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-03-19] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-30] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671512 2014-12-22] (Wacom Technology, Corp.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [108584 2012-12-21] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-12-21] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-23] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-26] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [77184 2012-12-21] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2012-12-26] (Trend Micro Inc.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 13:34 - 2015-01-16 13:35 - 00021491 _____ () C:\Users\Aperture Laboratory\Desktop\Addition.txt
2015-01-16 13:33 - 2015-01-16 13:35 - 00032517 _____ () C:\Users\Aperture Laboratory\Desktop\FRST.txt
2015-01-16 13:33 - 2015-01-16 13:35 - 00000000 ____D () C:\FRST
2015-01-16 13:30 - 2015-01-16 13:32 - 00000000 ____D () C:\AdwCleaner
2015-01-16 13:29 - 2015-01-16 13:28 - 02125312 _____ (Farbar) C:\Users\Aperture Laboratory\Desktop\FRST64.exe
2015-01-16 13:29 - 2015-01-16 13:27 - 02191360 _____ () C:\Users\Aperture Laboratory\Desktop\adwcleaner_4.107.exe
2015-01-14 23:21 - 2015-01-14 23:23 - 00000000 ____D () C:\Users\Aperture Laboratory\Desktop\Proxy Fix Stuff (Only Remove After Successful Use On Your Internets)
2015-01-14 22:40 - 2015-01-14 22:40 - 00000000 ____D () C:\_OTL
2015-01-14 22:23 - 2015-01-14 22:41 - 00000912 _____ () C:\Windows\PFRO.log
2015-01-14 22:18 - 2015-01-14 22:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-GLADOS-Microsoft-Windows-8-(64-bit).dat
2015-01-14 22:18 - 2015-01-14 22:18 - 00000000 ____D () C:\RegBackup
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-14 22:03 - 2015-01-14 22:03 - 00000794 _____ () C:\Windows\setupact.log
2015-01-14 22:03 - 2015-01-14 22:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 15:52 - 2015-01-16 13:34 - 01592028 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 15:22 - 2015-01-14 15:22 - 00000000 ____D () C:\Users\Aperture Laboratory\AppData\Roaming\VIPRE
2015-01-14 15:22 - 2015-01-14 15:22 - 00000000 ____D () C:\Users\Aperture Laboratory\AppData\Local\VIPRE
2015-01-14 15:22 - 2015-01-14 15:22 - 00000000 ____D () C:\Program Files (x86)\VIPRE
2015-01-14 15:10 - 2015-01-14 15:10 - 00653760 _____ () C:\Users\Aperture Laboratory\Documents\cc_20150114_151000.reg
2015-01-14 15:08 - 2015-01-14 15:08 - 00002800 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-14 15:08 - 2015-01-14 15:08 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-14 15:08 - 2015-01-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-14 15:08 - 2015-01-14 15:08 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-14 14:52 - 2014-11-26 20:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 14:52 - 2014-11-26 19:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 14:52 - 2014-11-15 00:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 14:52 - 2014-11-14 23:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 14:52 - 2014-11-14 23:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 14:52 - 2014-11-14 23:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 14:52 - 2014-11-14 23:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 14:52 - 2014-11-14 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 14:52 - 2014-11-14 23:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 14:52 - 2014-11-14 23:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 14:52 - 2014-11-14 23:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 14:52 - 2014-11-14 21:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 14:52 - 2014-11-14 21:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 14:52 - 2014-11-14 21:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 14:52 - 2014-11-14 21:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 14:51 - 2014-12-11 00:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 14:51 - 2014-11-05 00:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 14:51 - 2014-11-05 00:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 14:51 - 2014-11-01 00:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 14:51 - 2014-10-29 08:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 14:51 - 2014-10-27 16:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 14:50 - 2014-12-19 00:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 14:50 - 2014-12-18 22:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:50 - 2014-12-11 01:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 14:50 - 2014-12-06 01:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 14:50 - 2014-12-06 01:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 14:50 - 2014-12-06 01:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 14:50 - 2014-12-06 01:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 14:50 - 2014-12-06 01:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 14:50 - 2014-12-06 01:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 14:50 - 2014-12-06 01:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 14:50 - 2014-12-06 01:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 14:50 - 2014-12-06 00:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 14:50 - 2014-12-06 00:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 14:50 - 2014-12-06 00:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 14:50 - 2014-12-06 00:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 13:41 - 2015-01-14 13:41 - 00000000 ____D () C:\Windows\pss
2015-01-10 13:19 - 2015-01-10 13:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-08 19:50 - 2014-10-08 22:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-01-08 19:50 - 2014-10-08 22:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-01-08 19:50 - 2014-10-08 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-01-08 19:50 - 2014-10-08 21:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-01-08 19:50 - 2014-10-08 21:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-01-08 19:24 - 2014-12-09 01:12 - 00590816 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2015-01-08 19:24 - 2014-12-09 01:12 - 00467408 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2015-01-08 19:22 - 2014-12-04 19:41 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-08 19:22 - 2014-12-04 19:41 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-08 19:22 - 2014-12-04 19:41 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-08 19:22 - 2014-12-04 19:40 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-08 19:22 - 2014-12-02 19:48 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-08 19:22 - 2014-12-02 19:48 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-08 19:22 - 2014-12-02 19:48 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-08 19:22 - 2014-11-21 02:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-08 19:22 - 2014-11-21 02:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-08 19:22 - 2014-11-21 02:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-08 19:22 - 2014-11-21 02:37 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-01-08 19:22 - 2014-11-21 02:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-08 19:22 - 2014-11-21 02:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-08 19:22 - 2014-11-21 02:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-08 19:22 - 2014-11-21 01:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-08 19:22 - 2014-11-21 01:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-08 19:22 - 2014-11-21 01:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-08 19:22 - 2014-11-21 01:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-08 19:22 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-08 19:22 - 2014-11-21 01:17 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-08 19:22 - 2014-11-21 01:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-08 19:22 - 2014-11-21 01:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-08 19:22 - 2014-11-21 01:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-08 19:22 - 2014-11-21 00:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-08 19:22 - 2014-11-20 22:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-01-08 19:22 - 2014-10-11 01:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-08 19:22 - 2014-10-10 23:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-08 19:22 - 2014-10-08 21:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-01-08 19:22 - 2014-10-08 21:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-01-08 19:22 - 2014-10-08 21:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-01-08 19:22 - 2014-09-21 23:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-01-08 19:22 - 2014-09-21 21:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2015-01-08 19:21 - 2014-11-06 00:50 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-08 19:21 - 2014-11-05 23:03 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-08 19:21 - 2014-10-30 01:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-08 19:21 - 2014-10-29 23:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-08 19:09 - 2015-01-08 19:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2015-01-08 19:06 - 2015-01-08 19:06 - 00000000 ____D () C:\Users\Aperture Laboratory\AppData\Roaming\Snz
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 13:32 - 2013-09-07 14:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 13:28 - 2014-10-03 20:23 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 13:28 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-14 23:13 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 23:10 - 2012-07-26 01:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-14 22:40 - 2014-10-03 20:23 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 22:04 - 2012-07-26 01:28 - 00942994 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 22:02 - 2014-10-22 14:45 - 00000000 ____D () C:\Users\Aperture Laboratory\AppData\Roaming\Skype
2015-01-14 19:32 - 2013-09-07 14:35 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 19:05 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-14 16:03 - 2013-02-09 15:43 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-61134264-272785017-1473440739-1001
2015-01-14 15:22 - 2014-08-09 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-01-14 15:21 - 2014-08-03 19:31 - 00000000 ____D () C:\ProgramData\paltiosoft
2015-01-14 15:12 - 2013-04-09 21:00 - 00000000 ____D () C:\Users\Aperture Laboratory\AppData\Roaming\uTorrent
2015-01-14 15:11 - 2013-02-12 16:33 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 15:11 - 2012-08-03 17:21 - 00000000 ____D () C:\Windows\Panther
2015-01-14 14:58 - 2013-08-19 02:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 14:53 - 2013-02-13 22:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 13:19 - 2014-07-12 09:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-10 13:19 - 2012-07-26 02:12 - 00000000 ___RD () C:\Windows\ToastData
2015-01-10 13:19 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AppCompat
2015-01-08 19:55 - 2013-02-15 15:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-08 19:55 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\rescache
2015-01-08 19:11 - 2012-07-25 23:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-08 19:09 - 2014-11-12 17:19 - 00000000 ____D () C:\Users\Aperture Laboratory\AppData\Local\Wacom Help
2015-01-08 19:09 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-01-08 19:08 - 2013-04-28 19:00 - 00000000 ____D () C:\Program Files\Tablet
2015-01-08 19:06 - 2013-07-18 20:57 - 00000000 ____D () C:\Users\Aperture Laboratory\AppData\Roaming\DataMgr
2015-01-05 17:28 - 2014-11-16 18:18 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 17:28 - 2014-11-16 18:18 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 14:42 - 2014-09-16 16:08 - 01997592 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2014-12-22 14:42 - 2014-09-16 16:08 - 01990936 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2014-12-22 14:42 - 2014-09-16 16:08 - 01618712 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2014-12-22 14:42 - 2014-09-16 16:08 - 01612056 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2014-12-22 14:42 - 2013-04-28 19:00 - 02029336 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2014-12-22 14:42 - 2013-04-28 19:00 - 01863960 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2014-12-22 14:42 - 2013-04-28 19:00 - 01626392 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2014-12-22 14:42 - 2013-04-28 19:00 - 01497368 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
 
Some content of TEMP:
====================
C:\Users\Aperture Laboratory\AppData\Local\Temp\Quarantine.exe
C:\Users\Aperture Laboratory\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-08 19:41
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 PM

Posted 17 January 2015 - 08:50 AM

Please run the AdwCleaner tool and clean everything that is found.

Restart as requested after the clean up.

Run the Farbar tool and post a fresh FRST log for my review.

Post also the Addition.txt file that the Farbar tool created when you first ran it.

Let me know what problem persists.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 PM

Posted 22 January 2015 - 09:31 AM

Are you still with me?

#6 SpecterVlog

SpecterVlog
  • Topic Starter

  • Members
  • 3 posts
  • Local time:09:21 PM

Posted 25 January 2015 - 06:34 AM

I had to rerun the pc and have been trying to get me to send them the scans but it's futile. Now that it's "fixed" that's all that matters lol! Thanks anyway for all your help :(

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:21 PM

Posted 25 January 2015 - 08:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



