
Got hammered by cryptowall3 - is it gone?


  • This topic is locked
24 replies to this topic

#1 Danbohlen


Posted 03 February 2015 - 07:43 PM

Just want to be sure it is gone before other machines get on my network and before I copy back my archived files. I have run McAfee twice and it didn't find anything - so I'm a little concerned.
 
Thank you in advance,
 
Dan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by dan (administrator) on DADPC on 03-02-2015 19:35:00
Running from C:\Users\dan\Downloads
Loaded Profiles: dan (Available profiles: dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Webroot Software, Inc.) C:\Windows\SysWOW64\wwSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\dan\AppData\Local\Akamai\netsession_win.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\dan\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(FUJIFILM Corporation) C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(CWE Computer Services) C:\Program Files (x86)\gsak\gsak.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(CWE Computer Services) C:\Program Files (x86)\gsak\gsak.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\MapSource.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [643576 2014-11-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [Akamai NetSession Interface] => C:\Users\dan\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [74441ACFBA411D603F46C8679915925E1D3298D7._service_run] => "C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [GoogleChromeAutoLaunch_C9C96AD0D92756859D04F03C3101E464] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [Online Ad Scanner] => C:\Users\dan\AppData\Roaming\OAS\oasupd.exe [28672 2014-12-01] ()
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\dan\AppData\Local\Smartbar\Application\SnapDo.exe startup
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [olvbesb] => rundll32 "C:\Users\dan\AppData\Local\olvbesb.dll",olvbesb <===== ATTENTION
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\RunOnce: [Adobe Speed Launcher] => 1423009803
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\MountPoints2: {4c03a02c-c8a5-11e2-b272-782bcb8e2d01} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\MountPoints2: {c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey.lnk
ShortcutTarget: AutoHotkey.lnk -> C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe ()
Startup: C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
InternetURL: C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/199jvtU
Startup: C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54013;https=127.0.0.1:54013
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJ_YmLtSSyoPrVrLTgRYbssspmrzuKOHnPAuKmZfn9F2ZVxp_8s2Kp34woSx4Juq8vKPECo_vHSUxkke1iejl5yLniHdWYwt86kCExidkISxqqaaTPyv3KdGo9fm9QCx40t4Wl0gRwt4m31QuN5SmdTw,,&q={searchTerms}
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJ_YmLtSSyoPrVrLTgRYbssspmrzuKOHnPAuKmZfn9F2ZVxp_8s2Kp34woSx4Juq8vKPECo_vHSUxkke1iejl5yLniHdWYwt86kCExidkISxqqaaTPyv3KdGo9fm9QCx40t4Wl0gRwt4m31QuN5SmdTw,,&q={searchTerms}
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.google.com/
URLSearchHook: HKLM-x32 - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJ_YmLtSSyoPrVrLTgRYbssspmrzuKOHnPAuKmZfn9F2ZVxp_8s2Kp34woSx4Juq8vKPECo_vHSUxkke1iejl5yLniHdWYwt86kCExidkISxqqaaTPyv3KdGo9fm9QCx40t4Wl0gRwt4m31QuN5SmdSQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJ_YmLtSSyoPrVrLTgRYbssspmrzuKOHnPAuKmZfn9F2ZVxp_8s2Kp34woSx4Juq8vKPECo_vHSUxkke1iejl5yLniHdWYwt86kCExidkISxqqaaTPyv3KdGo9fm9QCx40t4Wl0gRwt4m31QuN5SmdSQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001 -> DefaultScope {56BBEE6D-FEB4-4663-B981-6378099322C7} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140608&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJ_YmLtSSyoPrVrLTgRYbssspmrzuKOHnPAuKmZfn9F2ZVxp_8s2Kp34woSx4Juq8vKPECo_vHSUxkke1iejl5yLniHdWYwt86kCExidkISxqqaaTPyv3KdGo9fm9QCx40t4Wl0gRwt4m31QuN5SmdTw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001 -> {56BBEE6D-FEB4-4663-B981-6378099322C7} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140608&p={SearchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> No File
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {90eee664-34b1-422a-a782-779af65cdf6d} -> No File
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://win7.connectge.com/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2012-12-30]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By Smilebox\Firefox
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By Smilebox\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-11-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl", "hxxp://www.weather.com/weather/tenday/l/45241:4:US", "https://maps.google.com/maps?hl=en&tab=wl&authuser=0&output=classic&dg=oo", "https://www.google.com/calendar/render?tab=wc#g"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Google Search) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (SiteAdvisor) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-06-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-05-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-25]
CHR Extension: (Google Wallet) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Gmail) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
CHR HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [660544 2014-12-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [604448 2014-12-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [228000 2014-12-19] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [312952 2014-12-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [221320 2014-12-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wwSecSvc; C:\Windows\SysWOW64\wwSecure.exe [486400 2005-05-20] (Webroot Software, Inc.) [File not signed]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{6FD28D3E-4440-4EA8-AEE9-8755787D8177}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70984 2014-12-19] (McAfee, Inc.)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-10-09] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [368904 2014-12-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [340192 2014-12-19] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [100080 2014-12-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [532424 2014-12-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [886488 2014-12-19] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2014-11-08] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2014-11-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [349328 2014-12-19] (McAfee, Inc.)
R1 NEOFLTR_7111_21451; C:\Windows\system32\Drivers\NEOFLTR_7111_21451.SYS [99192 2012-07-19] (Juniper Networks)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 VPROEVENTMONITOR; C:\Windows\system32\drivers\VProEventMonitor.sys [20528 2009-09-21] (Symantec Corporation)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-20] (StdLib)
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 19:35 - 2015-02-03 19:36 - 00049152 _____ () C:\Users\dan\Downloads\FRST.txt
2015-02-03 19:34 - 2015-02-03 19:35 - 00000000 ____D () C:\FRST
2015-02-03 19:34 - 2015-02-03 19:34 - 02131456 _____ (Farbar) C:\Users\dan\Downloads\FRST64.exe
2015-02-02 20:12 - 2015-02-02 20:12 - 00002998 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest-Retry
2015-02-01 11:53 - 2015-02-01 11:58 - 00000000 ____D () C:\ENCRYPTED_FILES
2015-02-01 11:49 - 2015-02-01 11:49 - 13290048 _____ (Mozy, Inc.) C:\Users\dan\Downloads\mozy-2_28_0_421-63613.exe
2015-02-01 11:16 - 2014-12-24 00:32 - 00016512 _____ () C:\Users\dan\Desktop\east_fork_hides_dec_23_2014.xlsx
2015-02-01 11:15 - 2015-02-01 11:59 - 00000000 ____D () C:\Users\dan\Desktop\Deluxe 2014
2015-02-01 10:38 - 2015-02-01 10:38 - 00018432 ___SH () C:\Users\dan\AppData\Thumbs.db
2015-02-01 09:28 - 2015-02-01 11:59 - 00000000 ____D () C:\Users\dan\Desktop\TEST
2015-02-01 09:25 - 2015-02-01 09:25 - 00001851 _____ () C:\Users\dan\Desktop\ShadowExplorer.lnk
2015-02-01 09:25 - 2015-02-01 09:25 - 00000000 ____D () C:\Users\dan\AppData\Roaming\www.shadowexplorer.com
2015-02-01 09:25 - 2015-02-01 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-02-01 09:25 - 2015-02-01 09:25 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-02-01 09:24 - 2015-02-01 09:24 - 00969845 _____ (ShadowExplorer.com ) C:\Users\dan\Downloads\ShadowExplorer-0.9-setup.exe
2015-02-01 09:16 - 2015-02-01 09:16 - 00000000 ____D () C:\Users\dan\AppData\Roaming\R-TT
2015-02-01 09:16 - 2015-02-01 09:16 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2015-02-01 09:16 - 2015-02-01 09:16 - 00000000 ____D () C:\Program Files (x86)\R-Studio
2015-02-01 09:12 - 2015-02-01 09:13 - 41880320 _____ (R-Tools Technology Inc.) C:\Users\dan\Downloads\RStudio7.exe
2015-02-01 07:48 - 2015-02-01 07:48 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
2015-02-01 07:48 - 2015-02-01 07:48 - 00001178 _____ () C:\Users\Public\Desktop\CryptoPrevent.lnk
2015-02-01 07:48 - 2015-02-01 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-02-01 07:48 - 2015-02-01 07:48 - 00000000 ____D () C:\ProgramData\Foolish IT
2015-02-01 07:48 - 2015-02-01 07:48 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2015-02-01 07:47 - 2015-02-01 07:47 - 00971528 _____ (Foolish IT LLC ) C:\Users\dan\Downloads\CryptoPreventSetup.exe
2015-02-01 07:44 - 2015-02-01 07:44 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\dan\Downloads\sh-remover.exe
2015-02-01 07:39 - 2015-02-01 08:18 - 06496944 _____ () C:\Users\dan\Desktop\ListCWall.txt
2015-02-01 07:38 - 2015-02-01 07:39 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\dan\Downloads\ListCWall.exe
2015-01-31 06:28 - 2015-01-31 06:28 - 00000276 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-01-31 06:27 - 2015-01-31 06:27 - 00000276 _____ () C:\Users\dan\HELP_DECRYPT.URL
2015-01-30 05:33 - 2015-01-30 05:33 - 00000276 _____ () C:\Users\dan\Downloads\HELP_DECRYPT.URL
2015-01-30 01:24 - 2015-01-30 01:24 - 00000276 _____ () C:\Users\dan\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 01:24 - 2015-01-30 01:24 - 00000276 _____ () C:\Users\dan\AppData\HELP_DECRYPT.URL
2015-01-30 00:56 - 2015-01-30 00:56 - 00000276 _____ () C:\Users\dan\AppData\Local\HELP_DECRYPT.URL
2015-01-29 23:46 - 2015-01-29 23:46 - 00000276 _____ () C:\Users\dan\AppData\Local\Apps\HELP_DECRYPT.URL
2015-01-29 23:46 - 2015-01-29 23:46 - 00000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-29 23:28 - 2015-01-29 23:29 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Local Store
2015-01-29 23:22 - 2015-01-29 23:22 - 00023552 _____ () C:\Users\dan\AppData\Local\olvbesb.dll
2015-01-25 06:43 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-01-25 06:42 - 2014-10-09 14:32 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2015-01-19 17:32 - 2015-01-19 17:32 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-01-19 17:32 - 2015-01-19 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-01-15 21:31 - 2015-01-24 05:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-15 03:01 - 2015-01-15 03:01 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-01-15 03:01 - 2015-01-15 03:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-01-14 07:14 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:14 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:14 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:14 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:14 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:14 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:14 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:14 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:14 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:14 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:14 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:14 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:14 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 17:05 - 2015-01-23 16:36 - 00000000 ____D () C:\ProgramData\ZurokUfihs

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 19:36 - 2011-04-16 20:18 - 00000000 ____D () C:\Users\dan\AppData\Roaming\gsak
2015-02-03 19:16 - 2009-07-14 00:10 - 01961250 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 19:13 - 2013-06-13 18:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 19:08 - 2014-03-22 06:45 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 19:05 - 2011-04-16 17:25 - 04494848 ___SH () C:\Users\dan\Desktop\Thumbs.db
2015-02-02 21:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration
2015-02-02 20:55 - 2013-05-21 15:22 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-02 20:44 - 2011-04-24 06:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 11:59 - 2014-08-31 09:01 - 00000000 ____D () C:\Users\dan\.gimp-2.8
2015-02-01 11:59 - 2014-06-08 12:18 - 00000000 ____D () C:\Users\dan\Desktop\my.policy_files
2015-02-01 11:59 - 2014-01-16 19:33 - 00000000 ____D () C:\Users\dan\Desktop\crap
2015-02-01 11:59 - 2013-11-24 10:39 - 00000000 ____D () C:\Users\dan\Documents\Garmin
2015-02-01 11:59 - 2013-10-29 18:37 - 00000000 ____D () C:\Users\dan\Documents\HTC
2015-02-01 11:59 - 2013-10-29 18:37 - 00000000 ____D () C:\Users\dan\.android
2015-02-01 11:59 - 2013-06-13 18:56 - 00000000 ____D () C:\Users\dan\Documents\Wondershare DVD Slideshow Builder Deluxe
2015-02-01 11:59 - 2013-05-05 13:50 - 00000000 ____D () C:\Users\dan\Desktop\Katie
2015-02-01 11:59 - 2011-04-16 13:19 - 00000000 ____D () C:\Users\dan
2015-02-01 11:59 - 2008-12-07 13:31 - 00000000 ____D () C:\Users\dan\Desktop\Unused Desktop Shortcuts
2015-02-01 11:59 - 2008-10-31 21:10 - 00000000 ____D () C:\Users\dan\Documents\chess
2015-02-01 11:59 - 2008-10-06 21:17 - 00000000 ____D () C:\Users\dan\Desktop\geocache
2015-02-01 11:59 - 2006-04-21 20:11 - 00000000 ____D () C:\Users\dan\Documents\NeroVision
2015-02-01 11:59 - 2006-04-15 18:08 - 00000000 ____D () C:\Users\dan\Documents\vobblank
2015-02-01 11:59 - 2004-02-24 17:23 - 00000000 ____D () C:\Users\dan\Documents\sharon
2015-02-01 11:59 - 2004-02-24 17:23 - 00000000 ____D () C:\Users\dan\Documents\Sarah
2015-02-01 11:59 - 2004-02-23 21:48 - 00000000 ____D () C:\Users\dan\Documents\dan
2015-02-01 11:16 - 2014-12-21 19:43 - 00000000 ___RD () C:\Users\dan\Google Drive
2015-02-01 11:00 - 2012-03-30 19:25 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-02-01 09:11 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 09:11 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 09:08 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 09:03 - 2014-09-24 19:46 - 00000000 ___RD () C:\Users\dan\iCloudDrive
2015-02-01 09:01 - 2011-04-12 00:29 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-01 09:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 09:00 - 2011-08-21 16:56 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 08:48 - 2014-12-25 19:56 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-02-01 08:38 - 2014-06-08 08:42 - 00000000 ____D () C:\Users\dan\AppData\Local\McAfee File Lock
2015-02-01 08:30 - 2014-06-08 08:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
2015-02-01 07:36 - 2014-12-25 19:53 - 00000000 ____D () C:\Users\dan\AppData\Roaming\OAS
2015-02-01 07:11 - 2012-05-16 06:15 - 00048640 ___SH () C:\Users\dan\Thumbs.db
2015-01-31 06:27 - 2011-06-04 09:26 - 00000000 ____D () C:\Users\dan\Web Cal Plus
2015-01-31 05:09 - 2011-04-23 20:42 - 00000000 ____D () C:\VProRecovery
2015-01-30 03:11 - 2009-11-30 17:20 - 00000000 ____D () C:\Users\dan\Documents\_oregon_backup
2015-01-30 03:00 - 2005-07-30 09:06 - 00000000 ____D () C:\Users\dan\Documents\sharon scans
2015-01-30 02:59 - 2012-02-19 19:53 - 00000000 ___SD () C:\Users\dan\Documents\My Data Sources
2015-01-30 02:59 - 2007-01-30 05:31 - 00000000 ____D () C:\Users\dan\Documents\ItsDeductible2006
2015-01-30 02:59 - 2006-02-19 07:20 - 00000000 ____D () C:\Users\dan\Documents\pdf995
2015-01-30 02:59 - 2005-01-17 13:28 - 00000000 ____D () C:\Users\dan\Documents\My Games
2015-01-30 02:59 - 2004-02-23 21:42 - 00000000 ____D () C:\Users\dan\Documents\OUTLOOK_FILES
2015-01-30 02:58 - 2010-02-23 05:12 - 00000000 ____D () C:\Users\dan\Documents\flash_player_update_201002_flash10
2015-01-30 02:57 - 2008-04-18 12:33 - 00000000 ____D () C:\Users\dan\Documents\donnelly_pics
2015-01-30 02:57 - 2006-06-17 12:36 - 00000000 ____D () C:\Users\dan\Documents\DVD covers
2015-01-30 02:15 - 2011-04-16 14:34 - 00000000 ____D () C:\Users\dan\Desktop\work_login
2015-01-30 02:15 - 2010-08-15 07:16 - 00000000 ____D () C:\Users\dan\Desktop\VIDEO_TS
2015-01-30 02:15 - 2009-11-09 19:47 - 00000000 ____D () C:\Users\dan\Documents\2009_1109test
2015-01-30 02:15 - 2009-11-03 21:00 - 00000000 ____D () C:\Users\dan\Documents\2009_1103test
2015-01-30 02:15 - 2007-08-20 18:42 - 00000000 ____D () C:\Users\dan\Documents\2007_08_19
2015-01-30 02:13 - 2011-05-30 09:19 - 00000000 ____D () C:\Users\dan\Desktop\SHARKS
2015-01-30 01:24 - 2011-11-19 13:40 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Trellian
2015-01-30 01:24 - 2011-04-16 15:04 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Thunderbird
2015-01-30 01:23 - 2011-04-29 09:34 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Skype
2015-01-30 01:23 - 2011-04-16 18:30 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Juniper Networks
2015-01-30 01:23 - 2011-04-16 16:00 - 00000000 ____D () C:\Users\dan\AppData\Roaming\PCDr
2015-01-30 01:23 - 2011-04-16 13:28 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Mozilla
2015-01-30 01:23 - 2011-04-16 13:24 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Roxio
2015-01-30 00:59 - 2013-06-06 18:25 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Foxit Software
2015-01-30 00:59 - 2011-04-16 14:28 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Garmin
2015-01-30 00:58 - 2011-05-30 09:07 - 00000000 ____D () C:\Users\dan\AppData\Roaming\FileZilla
2015-01-30 00:58 - 2011-04-16 13:25 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Dell
2015-01-30 00:57 - 2011-09-18 08:56 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Canon
2015-01-30 00:57 - 2011-08-05 21:23 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Apple Computer
2015-01-30 00:57 - 2011-04-16 13:25 - 00000000 ____D () C:\Users\dan\AppData\Roaming\Adobe
2015-01-30 00:56 - 2014-08-31 09:21 - 00000000 ____D () C:\Users\dan\AppData\Local\webkit
2015-01-30 00:56 - 2011-04-16 13:24 - 00000000 ____D () C:\Users\dan\AppData\Local\VirtualStore
2015-01-30 00:55 - 2014-12-25 20:05 - 00000000 ____D () C:\Users\dan\AppData\Local\Smartbar
2015-01-30 00:55 - 2014-07-04 12:05 - 00000000 ____D () C:\Users\dan\AppData\Local\Skype
2015-01-30 00:55 - 2011-04-16 19:45 - 00000000 ____D () C:\Users\dan\AppData\Local\TopoGrafix
2015-01-30 00:55 - 2011-04-16 15:04 - 00000000 ____D () C:\Users\dan\AppData\Local\Thunderbird
2015-01-30 00:03 - 2014-12-25 20:05 - 00000000 ____D () C:\Users\dan\AppData\Local\LPT
2015-01-30 00:03 - 2011-11-20 07:32 - 00000000 ____D () C:\Users\dan\AppData\Local\IM
2015-01-30 00:02 - 2014-02-04 20:39 - 00000000 ____D () C:\Users\dan\AppData\Local\iLivid
2015-01-29 23:47 - 2013-10-29 18:37 - 00000000 ____D () C:\Users\dan\AppData\Local\HTC MediaHub
2015-01-29 23:47 - 2011-04-24 06:20 - 00000000 ____D () C:\Users\dan\AppData\Local\Google
2015-01-29 23:47 - 2011-04-16 14:28 - 00000000 ____D () C:\Users\dan\AppData\Local\Garmin
2015-01-29 23:47 - 2011-04-16 13:25 - 00000000 ____D () C:\Users\dan\AppData\Local\Dell
2015-01-29 23:46 - 2014-09-24 19:46 - 00000000 ____D () C:\Users\dan\AppData\Local\603D8178-101D-491C-A7F1-AD963A1591A2.aplzod
2015-01-29 23:46 - 2011-12-08 17:45 - 00000000 ____D () C:\Users\dan\AppData\Local\Akamai
2015-01-29 23:46 - 2011-04-23 16:25 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-29 23:46 - 2011-04-16 15:45 - 00000000 ____D () C:\Users\dan\AppData\Local\Apple Computer
2015-01-29 23:46 - 2011-04-16 13:41 - 00000000 ____D () C:\Users\dan\AppData\Local\Apps\2.0
2015-01-29 23:46 - 2011-04-12 00:34 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-29 23:46 - 2011-04-12 00:18 - 00000000 ____D () C:\ProgramData\Skype
2015-01-29 23:44 - 2012-03-30 19:24 - 00000000 ____D () C:\ProgramData\Intuit
2015-01-29 23:44 - 2011-04-12 00:29 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-29 23:41 - 2011-04-16 14:28 - 00000000 ____D () C:\ProgramData\Garmin
2015-01-29 23:39 - 2011-04-16 14:26 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-29 03:05 - 2011-04-16 19:36 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-28 16:11 - 2014-12-21 19:41 - 00002004 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-28 16:11 - 2014-12-21 19:41 - 00002002 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-28 16:11 - 2014-12-21 19:41 - 00001992 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-28 16:11 - 2014-12-21 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 20:28 - 2013-06-13 18:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 20:27 - 2013-06-13 18:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 20:27 - 2013-06-13 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 18:01 - 2012-10-29 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 06:43 - 2011-04-12 00:29 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-01-23 16:46 - 2014-12-25 19:56 - 00000000 ____D () C:\Users\dan\AppData\Roaming\VOPackage
2015-01-19 17:34 - 2012-03-30 19:27 - 00001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-15 03:08 - 2013-08-12 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2011-04-17 21:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-05-24 06:03 - 2014-05-24 06:03 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-11-21 23:23 - 2011-11-21 23:23 - 0300416 _____ () C:\Users\dan\AppData\Roaming\BtvStack.dll
2015-01-30 01:24 - 2015-01-30 01:24 - 0045614 _____ () C:\Users\dan\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-30 01:24 - 2015-01-30 01:24 - 0000276 _____ () C:\Users\dan\AppData\Roaming\HELP_DECRYPT.URL
2011-04-16 17:59 - 2011-01-04 09:26 - 0076407 _____ () C:\Users\dan\AppData\Roaming\Smiley.ico
2011-10-30 15:57 - 2011-10-30 15:57 - 0003584 _____ () C:\Users\dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 00:56 - 2015-01-30 00:56 - 0045614 _____ () C:\Users\dan\AppData\Local\HELP_DECRYPT.PNG
2015-01-30 00:56 - 2015-01-30 00:56 - 0000276 _____ () C:\Users\dan\AppData\Local\HELP_DECRYPT.URL
2015-01-29 23:22 - 2015-01-29 23:22 - 0023552 _____ () C:\Users\dan\AppData\Local\olvbesb.dll
2014-09-06 06:31 - 2014-09-06 06:31 - 0004267 _____ () C:\Users\dan\AppData\Local\recently-used.xbel
2011-04-17 10:33 - 2011-04-17 10:33 - 0007605 _____ () C:\Users\dan\AppData\Local\Resmon.ResmonCfg
2011-12-08 16:45 - 2011-12-08 16:45 - 0000041 ___SH () C:\ProgramData\.zreglib
2015-01-29 23:46 - 2015-01-29 23:46 - 0045614 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-29 23:46 - 2015-01-29 23:46 - 0000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
2012-03-30 19:27 - 2015-01-19 17:34 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-12-25 20:24 - 2014-12-25 20:24 - 0001506 _____ () C:\ProgramData\tempimage.bmp

Files to move or delete:
====================
C:\Users\dan\gotomypc.exe
C:\Users\dan\neoteris_read_12919296.reg
C:\Users\dan\neoteris_read_9131644.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 07:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by dan at 2015-02-03 19:36:40
Running from C:\Users\dan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy Utility (HKLM-x32\...\Copy Utility) (Version: - )
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
FileZilla Client 3.5.0 (HKLM-x32\...\FileZilla Client) (Version: 3.5.0 - )
FinePixViewer Ver.5.5 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.5 - FUJIFILM Corporation)
Florida Topo Map (HKLM-x32\...\Florida Topo) (Version: 1.60 - GPSFileDepot.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
Garmin BaseCamp (HKLM-x32\...\{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}) (Version: 3.3.3 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2010.10 (HKLM-x32\...\{6E2B7A41-5ACC-4797-95C7-2BE64388028B}) (Version: 13.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2012.20 Update (HKLM-x32\...\{E11CFDDC-6442-4E90-AA6C-B938E6DB0A74}) (Version: 15.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.30 Update (HKLM-x32\...\{6D30B301-7D44-4D64-9369-638E0101F922}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.40 Update (HKLM-x32\...\{82B42DF2-2ECF-4C4B-B939-A275664028E2}) (Version: 17.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{5CA74EDC-CFC3-4FA0-AED7-1415CA19F250}) (Version: 2.7.2 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{A0357047-7949-4D34-B41F-6F444E7A5159}) (Version: 3.6.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPSBabel 1.4.2 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version: - GPSBabel)
Groundspeak Wherigo Builder (HKLM-x32\...\{523D8C1B-3309-4F8E-A15B-6C0E8A0B7D72}) (Version: 2.0.5129 - Groundspeak)
GSAK 8.4.1.67 (HKLM-x32\...\GSAK_is1) (Version: - CWE computer services)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.8.0.002 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.3.32.0 - HTC)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IncrediMail (x32 Version: 6.2.9.5139 - IncrediMail) Hidden
INDIANA TOPO (HKLM-x32\...\intopo11) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java™ 6 Update 38 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216038FF}) (Version: 6.0.380 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Neoteris_Host_Checker) (Version: 7.1.11.21451 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.1.11.21451 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Juniper_Term_Services) (Version: 7.1.11.21451 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KENTUCKY TOPO (HKLM-x32\...\kytopo11) (Version: - )
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.182 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.207 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
Multimedia Card Reader (x32 Version: 1.6.915.87 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Trail Maps (HKLM-x32\...\My Trails) (Version: - )
MyApps Anywhere (HKLM-x32\...\MyApps Anywhere) (Version: 1.0.8.0 - General Electric)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
OAS (HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
OHIO TOPO (HKLM-x32\...\ohtopo11) (Version: - )
Ohio Wildernesses Map (HKLM-x32\...\Ohio Wildernesses) (Version: - )
OSM generic routable (HKLM-x32\...\OSM generic routable) (Version: - )
PageBreeze Free HTML Editor (HKLM-x32\...\PageBreeze Free HTML Editor) (Version: - )
Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
R-Studio 7.5 (HKLM-x32\...\R-Studio 7.5NSIS) (Version: 7.5.156292 - R-Tools Technology Inc.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{DF7124A7-0580-46B7-8243-8CFB924F851A}) (Version: 11.126.1.20709 - ReSoft Ltd.) <==== ATTENTION
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
TextPad 7 (HKLM-x32\...\{3DE3E4EE-F270-4A31-AB76-475515C661BD}) (Version: 7.4.0 - Helios)
TRAIL_100K (HKLM-x32\...\trail100) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Urwigo (HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\d3b4051a8f45e697) (Version: 1.20.0.141 - Urwigo)
US Planimetric NC (HKLM-x32\...\us_p_nc) (Version: - )
Window Washer (HKLM-x32\...\Window Washer) (Version: - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.11.66) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.1.11.66 - WonderShare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files (x86)\TextPad 7\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001_Classes\CLSID\{aa691964-bde1-4ccf-89e2-5167121f56c0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions)

==================== Restore Points =========================

31-01-2015 09:37:57 Scheduled Checkpoint
01-02-2015 12:11:06 Installed MozyHome
02-02-2015 20:12:28 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02B8FBBA-1E58-4640-92E2-D782D65D82AD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {0372823B-1CEC-40DA-9529-C7D8F4B00982} - System32\Tasks\{8D08F193-E530-4CDC-993D-59C92D260230} => pcalua.exe -a "C:\Users\dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6ZOORLE\MapSource_6163[1].exe" -d C:\Users\dan\Desktop
Task: {04FCB835-411C-4695-8CE2-16B82714F138} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {0B560205-99D3-4CD1-8DDA-D4FA8120DC93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {348D3B27-6FA4-4FFC-8EB4-77110727B61D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {366A9B06-1449-4906-B736-2C93820497D7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6390C4F1-9C81-4992-83B1-1AA1C8F4B5DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {64B38A43-900A-49E5-87C8-B7E697AAA083} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {82C175B9-D20D-43C5-BE41-C072E5E8E440} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {907F2CC1-0131-4CBE-94BA-F7152E7E4A5B} - System32\Tasks\{DE48785A-8931-49AD-B192-449B7AF75DCB} => pcalua.exe -a C:\Users\dan\Downloads\53-5374-My_Trails_install.exe -d C:\Users\dan\Downloads
Task: {938F695B-A85A-41B6-9926-DFACD4B78D42} - System32\Tasks\SystemToolsDailyTest-Retry => uaclauncher.exe
Task: {98540084-69FA-4445-8272-6584137090AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {AA95C263-E00C-48AE-BC35-A11CF969A46D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {B479358E-EDA0-4926-BC92-313B2525D4ED} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {C9786354-CBB7-4238-98D3-877FCFEAFAE6} - System32\Tasks\Chrome => C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
Task: {E751806D-C764-45EE-86C9-4656C7F32ED4} - System32\Tasks\{07DD1568-6688-4354-A1E3-44FACBA0B9F6} => pcalua.exe -a "C:\Users\dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY2231UV\ps2pdf995[1].exe" -d C:\Users\dan\Desktop
Task: {FE7D5C7C-AF5F-4520-8FC3-973E44341EB0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-18 20:18 - 2006-10-19 20:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-08-21 17:03 - 2010-04-05 14:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-10-17 15:41 - 2013-10-17 15:41 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2009-09-25 13:57 - 2009-09-25 13:57 - 00245248 _____ () C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-10-17 15:42 - 2013-10-17 15:42 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2013-10-17 15:43 - 2013-10-17 15:43 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2011-05-22 12:21 - 2011-05-22 12:21 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-29 23:22 - 2015-01-29 23:22 - 00023552 _____ () C:\Users\dan\AppData\Local\olvbesb.dll
2011-09-04 12:42 - 2007-02-16 19:01 - 00081920 _____ () C:\Program Files (x86)\FinePixViewer\wia_register_event.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2015-01-26 20:29 - 2015-01-25 01:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-26 20:29 - 2015-01-25 01:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-26 20:29 - 2015-01-25 01:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2012-03-31 06:18 - 2012-03-31 06:18 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2012-03-31 06:18 - 2012-03-31 06:18 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-04-16 14:21 - 2004-04-22 08:56 - 00137728 _____ () C:\Program Files (x86)\gsak\oziapi.dll
2011-04-16 14:21 - 2012-07-30 08:31 - 01679872 _____ () C:\Program Files (x86)\gsak\gss.dll
2012-07-27 17:56 - 2012-02-07 14:29 - 01145344 _____ () C:\Program Files (x86)\gsak\png.dll
2014-09-18 05:57 - 2014-03-25 04:42 - 01310208 _____ () C:\Program Files (x86)\gsak\mtp.dll
2012-07-27 17:56 - 2012-08-06 16:38 - 00577536 _____ () C:\Windows\SysWow64\ChilkatCsv.dll
2015-01-26 20:29 - 2015-01-25 01:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
2011-11-21 23:23 - 2011-11-21 23:23 - 00300416 _____ () C:\Users\dan\AppData\Roaming\BtvStack.dll
2015-01-29 23:29 - 2015-01-29 23:29 - 38714368 _____ () C:\Users\dan\AppData\Roaming\Local Store\libcef.dll
2015-01-29 23:29 - 2015-01-29 23:29 - 00873472 _____ () C:\Users\dan\AppData\Roaming\Local Store\ffmpegsumo.dll
2015-01-29 23:29 - 2015-01-29 23:29 - 16840880 _____ () C:\Users\dan\AppData\Roaming\Local Store\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:15BB53C4BE20EF1B
AlternateDataStreams: C:\ProgramData\Temp:5F64C164
AlternateDataStreams: C:\Users\dan\Downloads\NBA 2K15 Hack Tool Downloader__3687_i1431674723_il902867.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2942160000-1570739608-1532913844-500 - Administrator - Disabled)
dan (S-1-5-21-2942160000-1570739608-1532913844-1001 - Administrator - Enabled) => C:\Users\dan
Guest (S-1-5-21-2942160000-1570739608-1532913844-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2942160000-1570739608-1532913844-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 07:05:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/03/2015 07:05:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/02/2015 08:01:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/02/2015 08:01:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/02/2015 05:01:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/02/2015 05:01:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/01/2015 06:41:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/01/2015 06:41:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (01/31/2015 01:54:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (01/31/2015 01:54:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)


System errors:
=============
Error: (02/01/2015 09:21:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (02/01/2015 06:46:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (02/01/2015 06:45:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

Error: (01/31/2015 05:18:40 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume \\?\Volume{8b1fb27e-6dea-11e0-b34c-782bcb8e2d01} were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (01/31/2015 05:13:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

Error: (01/30/2015 05:32:32 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/30/2015 06:23:02 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\wisptis.exe -Embedding740{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (01/29/2015 11:22:22 PM) (Source: DCOM) (EventID: 10016) (User: DADPC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}DADPCdanS-1-5-21-2942160000-1570739608-1532913844-1001LocalHost (Using LRPC)

Error: (01/28/2015 05:38:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

Error: (01/25/2015 06:42:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Proxy Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (02/03/2015 07:05:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/03/2015 07:05:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/02/2015 08:01:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/02/2015 08:01:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/02/2015 05:01:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/02/2015 05:01:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/01/2015 06:41:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (02/01/2015 06:41:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (01/31/2015 01:54:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (01/31/2015 01:54:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)


CodeIntegrity Errors:
===================================
Date: 2013-02-07 17:51:22.920
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\SET6491.tmp because the set of per-page image hashes could not be found on the system.

Date: 2013-02-07 17:51:22.918
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\SET6491.tmp because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 46%
Total physical RAM: 7991.12 MB
Available physical RAM: 4311.56 MB
Total Pagefile: 15980.42 MB
Available Pagefile: 10284.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:763.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B0AA1DEE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



Edited by Oh My!, 08 February 2015 - 09:44 AM.
Posted logs



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,374 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:06 PM

Posted 08 February 2015 - 09:50 AM

Greetings Dan and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review what you have posted and I will reply back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!


Posted 08 February 2015 - 10:24 AM

Thank you for your patience.

I would caution you against the downloading of crack software as these are the means by which computer systems can be infected, sometimes irreversibly so.

Can you tell me if you set this Proxy?
 

ProxyServer: [.DEFAULT] => http=127.0.0.1:54013;https=127.0.0.1:54013



Please run the below for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [olvbesb] => rundll32 "C:\Users\dan\AppData\Local\olvbesb.dll",olvbesb <===== ATTENTION
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\MountPoints2: {c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963} - D:\setup.exe
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll File Not Found
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> No File
BHO-x32: No Name -> {90eee664-34b1-422a-a782-779af65cdf6d} -> No File
Toolbar: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
U2 V2iMount; No ImagePath
2015-01-12 17:05 - 2015-01-23 16:36 - 00000000 ____D () C:\ProgramData\ZurokUfihs
C:\Users\dan\gotomypc.exe
C:\Users\dan\neoteris_read_12919296.reg
C:\Users\dan\neoteris_read_9131644.reg
Task: {C9786354-CBB7-4238-98D3-877FCFEAFAE6} - System32\Tasks\Chrome => C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:15BB53C4BE20EF1B
AlternateDataStreams: C:\ProgramData\Temp:5F64C164
AlternateDataStreams: C:\Users\dan\Downloads\NBA 2K15 Hack Tool Downloader__3687_i1431674723_il902867.exe:typelib
C:\Users\dan\AppData\Local\olvbesb.dll
C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
*decrypt*
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Search.txt
  • System Summary Information

Gary
 

#4 Danbohlen


Posted 08 February 2015 - 12:43 PM

Thanks for your help!

 

1) NO I didn't set that proxy....

 

2) fixlog

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by dan at 2015-02-08 12:23:29 Run:1
Running from C:\Users\dan\Desktop
Loaded Profiles: dan (Available profiles: dan)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [olvbesb] => rundll32 "C:\Users\dan\AppData\Local\olvbesb.dll",olvbesb <===== ATTENTION
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\MountPoints2: {c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963} - D:\setup.exe
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll File Not Found
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> No File
BHO-x32: No Name -> {90eee664-34b1-422a-a782-779af65cdf6d} -> No File
Toolbar: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
U2 V2iMount; No ImagePath
2015-01-12 17:05 - 2015-01-23 16:36 - 00000000 ____D () C:\ProgramData\ZurokUfihs
C:\Users\dan\gotomypc.exe
C:\Users\dan\neoteris_read_12919296.reg
C:\Users\dan\neoteris_read_9131644.reg
Task: {C9786354-CBB7-4238-98D3-877FCFEAFAE6} - System32\Tasks\Chrome => C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:15BB53C4BE20EF1B
AlternateDataStreams: C:\ProgramData\Temp:5F64C164
AlternateDataStreams: C:\Users\dan\Downloads\NBA 2K15 Hack Tool Downloader__3687_i1431674723_il902867.exe:typelib
C:\Users\dan\AppData\Local\olvbesb.dll
C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe
 
*****************
 
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Windows\CurrentVersion\Run\\olvbesb => Value not found.
"HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963} => Key not found. 
"C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll" => Value Data removed successfully.
"C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found. 
HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90eee664-34b1-422a-a782-779af65cdf6d}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{90eee664-34b1-422a-a782-779af65cdf6d} => Key not found. 
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. 
V2iMount => Service deleted successfully.
C:\ProgramData\ZurokUfihs => Moved successfully.
C:\Users\dan\gotomypc.exe => Moved successfully.
C:\Users\dan\neoteris_read_12919296.reg => Moved successfully.
C:\Users\dan\neoteris_read_9131644.reg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9786354-CBB7-4238-98D3-877FCFEAFAE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9786354-CBB7-4238-98D3-877FCFEAFAE6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Chrome => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome" => Key deleted successfully.
C:\Windows => ":15BB53C4BE20EF1B" ADS removed successfully.
C:\ProgramData\Temp => ":5F64C164" ADS removed successfully.
"C:\Users\dan\Downloads\NBA 2K15 Hack Tool Downloader__3687_i1431674723_il902867.exe" => ":typelib" ADS not found.
"C:\Users\dan\AppData\Local\olvbesb.dll" => File/Directory not found.
"C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe" => File/Directory not found.
 
==== End of Fixlog 12:23:32 ====


#5 Oh My!


Posted 08 February 2015 - 02:02 PM

Thank you. Once you are able to complete the Search portion of the instructions and attach the System Summary report we can continue on.
Gary
 

#6 Danbohlen


Posted 09 February 2015 - 04:57 AM

Tried to, but the website froze.



#7 Danbohlen


Posted 09 February 2015 - 04:59 AM

summary 


search 

Attached Files



#8 Oh My!


Posted 09 February 2015 - 08:38 AM

Thank you, please do this.

===================================================

Farbar's Recovery Scan Tool Decrypt Fixlist

--------------------
  • Double click the Search.txt document on your Desktop
  • Delete the following information which can be located at the top and the bottom of the document
 
Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by dan at 2015-02-08 12:28:53
Running from C:\Users\dan\Desktop
Boot Mode: Normal

================== Search Files: "*decrypt*" =============
  • Click File, Save As..., and save the document to your Desktop as Fixlist.txt
  • Close all documents
  • Delete Search.txt from your Desktop
  • Double click FRST.exe
  • Click Fix
  • Ignore any error messages you may see in the report
  • Attach the new Fixlog.txt report to your reply
  • Copy/paste the following in the Search Field
*decrypt*
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached Fixlog document
  • Search.txt

Edited by Oh My!, 09 February 2015 - 09:05 AM.

Gary
 

#9 Danbohlen


Posted 10 February 2015 - 06:50 PM

I tried to cut and paste before but the webpage kept freezing.



#10 Danbohlen


Posted 10 February 2015 - 06:52 PM

attached as requested

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by dan at 2015-02-10 18:49:14 Run:2
Running from C:\Users\dan\Desktop
Loaded Profiles: dan (Available profiles: dan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

Content of fixlist:
*****************
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\Run: [olvbesb] => rundll32 "C:\Users\dan\AppData\Local\olvbesb.dll",olvbesb <===== ATTENTION
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\...\MountPoints2: {c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963} - D:\setup.exe
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll File Not Found
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> No File
BHO-x32: No Name -> {90eee664-34b1-422a-a782-779af65cdf6d} -> No File
Toolbar: HKU\S-1-5-21-2942160000-1570739608-1532913844-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
U2 V2iMount; No ImagePath
2015-01-12 17:05 - 2015-01-23 16:36 - 00000000 ____D () C:\ProgramData\ZurokUfihs
C:\Users\dan\gotomypc.exe
C:\Users\dan\neoteris_read_12919296.reg
C:\Users\dan\neoteris_read_9131644.reg
Task: {C9786354-CBB7-4238-98D3-877FCFEAFAE6} - System32\Tasks\Chrome => C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:15BB53C4BE20EF1B
AlternateDataStreams: C:\ProgramData\Temp:5F64C164
AlternateDataStreams: C:\Users\dan\Downloads\NBA 2K15 Hack Tool Downloader__3687_i1431674723_il902867.exe:typelib
C:\Users\dan\AppData\Local\olvbesb.dll
C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe

*****************

HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Windows\CurrentVersion\Run\\olvbesb => Value not found.
"HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963} => Key not found.
"C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll" => Value Data removed successfully.
"C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90eee664-34b1-422a-a782-779af65cdf6d}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{90eee664-34b1-422a-a782-779af65cdf6d} => Key not found.
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
V2iMount => Service deleted successfully.
C:\ProgramData\ZurokUfihs => Moved successfully.
C:\Users\dan\gotomypc.exe => Moved successfully.
C:\Users\dan\neoteris_read_12919296.reg => Moved successfully.
C:\Users\dan\neoteris_read_9131644.reg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9786354-CBB7-4238-98D3-877FCFEAFAE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9786354-CBB7-4238-98D3-877FCFEAFAE6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Chrome => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome" => Key deleted successfully.
C:\Windows => ":15BB53C4BE20EF1B" ADS removed successfully.
C:\ProgramData\Temp => ":5F64C164" ADS removed successfully.
"C:\Users\dan\Downloads\NBA 2K15 Hack Tool Downloader__3687_i1431674723_il902867.exe" => ":typelib" ADS not found.
"C:\Users\dan\AppData\Local\olvbesb.dll" => File/Directory not found.
"C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe" => File/Directory not found.

==== End of Fixlog 12:23:32 ====
*****************

Content of fixlist: => Error: No automatic fix found for this entry.
***************** => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Windows\CurrentVersion\Run\\olvbesb => Value not found.
"HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963} => Key not found.
"C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll" => Value Data not found.
"C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll" => Value Data not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key not found.
HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90eee664-34b1-422a-a782-779af65cdf6d} => Key not found.
HKCR\Wow6432Node\CLSID\{90eee664-34b1-422a-a782-779af65cdf6d} => Key not found.
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
V2iMount => Service not found.
"C:\ProgramData\ZurokUfihs" => File/Directory not found.
"C:\Users\dan\gotomypc.exe" => File/Directory not found.
"C:\Users\dan\neoteris_read_12919296.reg" => File/Directory not found.
"C:\Users\dan\neoteris_read_9131644.reg" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9786354-CBB7-4238-98D3-877FCFEAFAE6} => Key not found.
C:\Windows\System32\Tasks\Chrome not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome => Key not found.
"C:\Windows" => ":15BB53C4BE20EF1B" ADS not found.
"C:\ProgramData\Temp" => ":5F64C164" ADS not found.
"C:\Users\dan\Downloads\NBA 2K15 Hack Tool Downloader__3687_i1431674723_il902867.exe" => ":typelib" ADS not found.
"C:\Users\dan\AppData\Local\olvbesb.dll" => File/Directory not found.
"C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe" => File/Directory not found.
***************** => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Windows\CurrentVersion\Run\\olvbesb => Value not found. => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963}" => Key deleted successfully. => Error: No automatic fix found for this entry.
HKCR\CLSID\{c9e0d6ad-64d2-11e0-a3fb-806e6f6e6963} => Key not found. => Error: No automatic fix found for this entry.
"C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll => Value Data removed successfully." => File/Directory not found.
"C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll => Value Data removed successfully." => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully. => Error: No automatic fix found for this entry.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully. => Error: No automatic fix found for this entry.
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully. => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found. => Error: No automatic fix found for this entry.
HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found. => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90eee664-34b1-422a-a782-779af65cdf6d}" => Key deleted successfully. => Error: No automatic fix found for this entry.
HKCR\Wow6432Node\CLSID\{90eee664-34b1-422a-a782-779af65cdf6d} => Key not found. => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2942160000-1570739608-1532913844-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully. => Error: No automatic fix found for this entry.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. => Error: No automatic fix found for this entry.
V2iMount => Service deleted successfully. => Error: No automatic fix found for this entry.
"C:\ProgramData\ZurokUfihs => Moved successfully." => File/Directory not found.
"C:\Users\dan\gotomypc.exe => Moved successfully." => File/Directory not found.
"C:\Users\dan\neoteris_read_12919296.reg => Moved successfully." => File/Directory not found.
"C:\Users\dan\neoteris_read_9131644.reg => Moved successfully." => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9786354-CBB7-4238-98D3-877FCFEAFAE6}" => Key deleted successfully. => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9786354-CBB7-4238-98D3-877FCFEAFAE6}" => Key deleted successfully. => Error: No automatic fix found for this entry.
"C:\Windows\System32\Tasks\Chrome => Moved successfully." => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome" => Key deleted successfully. => Error: No automatic fix found for this entry.
"C:\Windows => :15BB53C4BE20EF1B" ADS removed successfully." => File/Directory not found.
"C:\ProgramData\Temp => :5F64C164" ADS removed successfully." => File/Directory not found.
"C:\Users\dan\Downloads\NBA 2K15 Hack Tool Downloader__3687_i1431674723_il902867.exe => ":typelib" ADS not found." => File/Directory not found.
"C:\Users\dan\AppData\Local\olvbesb.dll => File/Directory not found." => File/Directory not found.
"C:\Users\dan\AppData\Local\Temp\Rau\PackerV2.exe => File/Directory not found." => File/Directory not found.
==== End of Fixlog 12:23:32 ==== => Error: No automatic fix found for this entry.

==== End of Fixlog 18:49:15 ====


Edited by Oh My!, 10 February 2015 - 07:46 PM.


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,374 posts

Posted 10 February 2015 - 07:54 PM

Greetings,

Unfortunately this is not the right log information. Were you able to successfully complete the steps in Post #8? That is the post where we are using the Search.txt document and deleting the top and bottom portion as directed.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 Danbohlen

Danbohlen
  • Topic Starter

  • Members
  • 16 posts

Posted 11 February 2015 - 06:35 PM

I thought I did. What do you need?

#13 Danbohlen

Danbohlen
  • Topic Starter

  • Members
  • 16 posts

Posted 11 February 2015 - 07:29 PM

OK, did it again. Attached is the new fixlog.txt.

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,374 posts

Posted 11 February 2015 - 07:59 PM

No file is attached. In order to make sure we have the right log, open it up and see if you find the word decrypt inside. This should be a large file.


Gary
 

#15 Danbohlen

Danbohlen
  • Topic Starter

  • Members
  • 16 posts

Posted 13 February 2015 - 07:34 PM

Attached File: Fixlog.zip (43.61KB)
Attached File: Search (2).zip (18.78KB)

Attached now.



